Penetration Testing mailing list archives
Re: pentest documentation
From: "Andrew Hay" <andrewsmhay () gmail com>
Date: Mon, 2 Oct 2006 16:18:47 -0300
Hi Jürgen, I would document the session in a hand-written notebook (each page dated and numbered) and, if needed, take photographs instead of video. If you ever needed to present this data in a court of law the jury tends to associate better with the above formats. That being said, if presenting to a client, you would probably want to present a formal document based on your notes taken at the time of the testing. Hope this helps. -- Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA] blog: https://www.andrewhay.ca email: andrewsmhay || at || gmail.com On 02/10/06, "Jürgen R. Plasser" <plasser () hexagon at> wrote:
Hi All, How do you document and log the pentest session itself? I want to document the pentest process in detail, not only for the customer, but for later reviews and to avoid legal difficulties. What are the best tools to accomplish that or do you even record the sessions on video with a camcorder? Or some kind of screen recorder? Thanks, Jürgen ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation David Swafford (Oct 02)
- Re: pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation Andres Riancho (Oct 02)
- Re: pentest documentation IndianZ (Oct 02)
- Re: pentest documentation Jason Ross (Oct 02)
- Re: pentest documentation Jürgen R. Plasser (Oct 03)
- Re: pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation David Swafford (Oct 02)
- Re: pentest documentation Tonnerre Lombard (Oct 03)
- <Possible follow-ups>
- Re: Re: pentest documentation krymson (Oct 02)
- Re: pentest documentation David Ball (Oct 03)
- RE: Re: pentest documentation William Woodhams (Oct 03)
- Re: pentest documentation Ben Anderson (Oct 03)