Penetration Testing mailing list archives
Re: Pen Test Basic Needs
From: "Saint Anthony" <saintpatrick () xasamail com>
Date: Sat, 16 Jul 05:17:40 2005 +0000
One of the first things to do when undertaking any major project like this, define the scope. Everything else will become more definite after you clearly plot out what it is you hope to test. This includes the selection of utilities and so on. - Anthony Towry Student sauger () pre2post com wrote:
Hi list, I recently sent this email on the security-basics list, and afterwards discovered this list. I thought I'd repost it, since this is probably the best place for it. A quick couple of questions out of curiosity... 1) If you had to do a pen-test, what type of information would you need to begin with? External IP? Web site name? Anything else I'm forgetting? 2) What tools would you use for the pen-test? Nessus, Snort, Cain&Abel. Anything else that would be useful? 3) Any good docs on where to start? I can find my way around once I'm in, but it's the first step that's the problem. 4) Any templates on good contracts to cover myself? This pen-test will probably be for a network, but also for a web site that's hosted elsewhere. Both the network's and the hosing site's owners are aware and ready to sign off on it, so I'm pretty much aware of the legal ramifications, which is why I'd love to see some contract templates. I'll be backed up by others, but would still like the info on how to start so I can prepare. Thanks everyone! Stephane
http://www.xasamail.com/
Current thread:
- Pen Test Basic Needs Stephane Auger (Jul 14)
- Re: Pen Test Basic Needs Kyle Maxwell (Jul 15)
- <Possible follow-ups>
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Security Professional (Jul 15)
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Saint Anthony (Jul 16)