Below are links to resources that may come in handy:
OWASP Guide to Web Application Penetration Testing (Web App)
http://www.owasp.org/documentation/testing.html
Web Application Cheatsheet Version 2 (Web App)
http://www.secguru.com/files/temp/webappcheatsheet2.pdf
Reconnaissance Cheatsheet (Web App -> General)
http://www.professionalsecuritytesters.org/Documents/cheatsheets/reconnaissa
nceCheatSheet.pdf
Penetration Test Sample Report (Network & System)
http://www.besnard.org/biometrics/2BIO706_business_report.pdf
Imperva Penetration Test Report Example (Web App)
http://www.imperva.com/docs/VedaPenetrationTest.pdf
Penetration Test Report Outline (General)
http://www.deaddrop.com/InfoSec/Audit/SampleReports/penetrationReport.html
Cheers,
Carl Davis,C|EH,CISSP,MCSE,CCSA
Site: http://www.rvasi.com
Forum: http://www.rvasi.com/forum
-----Original Message-----
From: Mr.Hartmann [mailto:hartmann@thestar.com.my]
Sent: Thursday, April 20, 2006 8:29 PM
To: 'Securi Net'; security-basics@securityfocus.com
Subject: PenTest Checklist
Hi,
Is there any site where I could get a sample of penetration test (remote &
web) checklist/standard/guide and sample reports?
Thanks.
Adam
/******************************************************************\
This message and any attachment(s) are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended recipient,
please telephone or e-mail the sender and delete this message and any
attachment from your system. If you are not the intended recipient you must
not copy this message or attachment or disclose the content to any other
person.
Any opinion, view and/or other information in this message and/or any
attachment(s) hereto which do not relate to the official business of Star
Publications (Malaysia) Bhd shall not be deemed given nor endorsed by Star
Publications (Malaysia) Bhd. Our company is not responsible for any activity
that might be considered to be an illegal and/or improper use of email.
E-mail transmissions cannot be guaranteed to be secured or error-free as
information could be intercepted, corrupted, lost, destroyed, delayed,
incomplete or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message or for
any virus damage which may arise as a result of this e-mail transmission.
/******************************************************************\
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
