Penetration Testing mailing list archives
Re: Penetration Testing Scheduling
From: Dotzero <dotzero () gmail com>
Date: Mon, 28 Apr 2008 16:48:08 -0400
On 26 Apr 2008 19:58:37 -0000, Yousif () vapt-sec com <Yousif () vapt-sec com> wrote:
I've heard a lot of folks say that telling your customers exactly when you will begin the testing is not suitable, but I'm not sure as to why they that... Can anyone define for me the right approach? -- Do you plan the assessment and let them know it's within a week or so, or do you simply inform them the date and time specifically?
I always require the vendor to provide specific dates and timeframes as well as originating IP addresses if a pentest involves our production environment. I provide this information to the IDS team but may only give a general heads up to neteng and other teams. We also have a requirement that we have direct phone numbers for the pentest team. If we see anyting untoward I will contact them. I also expect them to contact me immediately if they think they "broke" something. This is all part of the contract. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Penetration Testing Scheduling Yousif (Apr 28)
- Re: Penetration Testing Scheduling Dotzero (Apr 29)
- Re: Penetration Testing Scheduling Robin Wood (Apr 29)
- Re: Penetration Testing Scheduling arvind doraiswamy (Apr 29)
- Re: Penetration Testing Scheduling Sat Jagat Singh (Apr 30)
- Re: Penetration Testing Scheduling Anders Thulin (Apr 29)
- <Possible follow-ups>
- Re: Penetration Testing Scheduling Yousif (Apr 29)
- Re: Penetration Testing Scheduling Joey Peloquin (Apr 30)
- Re: Penetration Testing Scheduling Todd Haverkos (Apr 30)
- Re: Re: Penetration Testing Scheduling zenmasterbob123 (Apr 30)