Penetration Testing mailing list archives
Re: Pentest Criteria
From: Wim Remes <wremes () gmail com>
Date: Wed, 8 Sep 2010 07:29:36 +0200
Pete, with all due respect but don't you think you have abused the open source predicament long enough for something that will never be open nor free?

I know companies that got involved with v2, that invested in getting resources trained in v3, or the subset of it that was available at the moment of the training, and now have the outlook that they'll be pointing their customers to another ISO standard instead of an open source standard and. At the moment OSSTMM 3 does nothing but frustrate the heck out of people who invested time in either v2 or v3 based on idealism and empty promises.

Cheers,
Wim

On 05 Sep 2010, at 20:36, Pete Herzog wrote:
What if a client wants criteria reported as well. I'm not sure if there is one I can use without running the risk of it being too far removed. Is there a framework or best practice which lends itself to pentests? Or do I have to try to layer NIST on top of it? Thoughts?

OSSTMM 3 does exactly that. Currently it's being reviewed to either include in the ISO27000 series or be its own ISO. It has operational security metrics which allow you to rate vulnerabilities on what they do and it works very very well for pen test.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Pentest Criteria Kurt M. John (Sep 03)
- Re: Pentest Criteria TAS (Sep 05)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Kurt M. John (Sep 09)
- RE: Pentest Criteria Cor Rosielle (Sep 09)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 09)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria TAS (Sep 05)