If it is any use to the list, the report Carl references:
Penetration Test Sample Report (Network & System)
http://www.besnard.org/biometrics/2BIO706_business_report.pdf
Was submitted by the a student (the guy on the web site) as part of the
Westminster University Biometrics MSc course.
It was the report for the end of week test, on the Penetration Testing
Module. I know this because as well as writing the course, I presented
it and built the test LAN they attacked.
The course is still available thought the University www.wmin.ac.uk
(although I do not personally lecture there any more).
If any one is interested in the Master report that was presented to the
students, drop me a line and I can dig it out for you.
Steve A
----------------------------------------
NEW - UK IT Security Forum www.logicallysecure.com/forum
-----Original Message-----
From: Carl Davis [mailto:cdavis@rvasi.com]
Sent: 26 April 2006 11:58
To: 'Mr.Hartmann'
Cc: 'Securi Net'; security-basics@securityfocus.com
Subject: RE: PenTest Checklist
Below are links to resources that may come in handy:
OWASP Guide to Web Application Penetration Testing (Web App)
http://www.owasp.org/documentation/testing.html
Web Application Cheatsheet Version 2 (Web App)
http://www.secguru.com/files/temp/webappcheatsheet2.pdf
Reconnaissance Cheatsheet (Web App -> General)
http://www.professionalsecuritytesters.org/Documents/cheatsheets/reconna
issa
nceCheatSheet.pdf
Penetration Test Sample Report (Network & System)
http://www.besnard.org/biometrics/2BIO706_business_report.pdf
Imperva Penetration Test Report Example (Web App)
http://www.imperva.com/docs/VedaPenetrationTest.pdf
Penetration Test Report Outline (General)
http://www.deaddrop.com/InfoSec/Audit/SampleReports/penetrationReport.ht
ml
Cheers,
Carl Davis,C|EH,CISSP,MCSE,CCSA
Site: http://www.rvasi.com
Forum: http://www.rvasi.com/forum
-----Original Message-----
From: Mr.Hartmann [mailto:hartmann@thestar.com.my]
Sent: Thursday, April 20, 2006 8:29 PM
To: 'Securi Net'; security-basics@securityfocus.com
Subject: PenTest Checklist
Hi,
Is there any site where I could get a sample of penetration test (remote
&
web) checklist/standard/guide and sample reports?
Thanks.
Adam
/******************************************************************\
This message and any attachment(s) are confidential and may be
privileged or otherwise protected from disclosure. If you are not the
intended recipient, please telephone or e-mail the sender and delete
this message and any attachment from your system. If you are not the
intended recipient you must not copy this message or attachment or
disclose the content to any other person.
Any opinion, view and/or other information in this message and/or any
attachment(s) hereto which do not relate to the official business of
Star Publications (Malaysia) Bhd shall not be deemed given nor endorsed
by Star Publications (Malaysia) Bhd. Our company is not responsible for
any activity that might be considered to be an illegal and/or improper
use of email.
E-mail transmissions cannot be guaranteed to be secured or error-free as
information could be intercepted, corrupted, lost, destroyed, delayed,
incomplete or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message or
for any virus damage which may arise as a result of this e-mail
transmission.
/******************************************************************\
------------------------------------------------------------------------
-
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--
------------------------------------------------------------------------
-
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
