Penetration Testing mailing list archives

Re: pentest documentation


From: "Andrew Hay" <andrewsmhay () gmail com>
Date: Mon, 2 Oct 2006 16:18:47 -0300

Hi Jürgen,

I would document the session in a hand-written notebook (each page
dated and numbered) and, if needed, take photographs instead of
video.  If you ever needed to present this data in a court of law the
jury tends to associate better with the above formats.

That being said, if presenting to a client, you would probably want to
present a formal document based on your notes taken at the time of the
testing.

Hope this helps.

--
Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA]
blog: https://www.andrewhay.ca
email: andrewsmhay || at || gmail.com

On 02/10/06, "Jürgen R. Plasser" <plasser () hexagon at> wrote:
Hi All,

How do you document and log the pentest session itself?

I want to document the pentest process in detail, not only for the
customer, but for later reviews and to avoid legal difficulties.

What are the best tools to accomplish that or do you even record the
sessions on video with a camcorder? Or some kind of screen recorder?

Thanks,

Jürgen

