[ISN] Open Source Security Testing Methods

From: InfoSec News (isnat_private)
Date: Thu May 03 2001 - 12:03:54 PDT

    Forwarded by: Dave Wreski <daveat_private>

    Recently I had an opportunity to speak with Pete Herzog, creator of
    the Open-Source Security Testing Methodology Manual, a project to make
    a thorough security test methodology for Internet security testing.
    In the interview, Pete describes the project, provides a bit on his
    background and reasons for writing the manual, and where to go for
    further information.

    "This manual is to set forth a standard for Internet security testing.
    Disregarding the credentials of many a security tester and focusing on
    the how, I present a solution to a problem which exists currently.
    Regardless of firm size, finance capital, and vendor backing, any
    network or security expert who meets the outline requirements in this
    manual is said to have completed a successful security snapshot. Not
    to say one cannot perform a test faster, more in depth, or of a
    different flavor. No, the tester following the methodology herein is
    said to have followed the standard model and therefore if nothing
    else, has been thorough."

    Dave Wreski
    Corporate Manager                           Guardian Digital, Inc.
    (201) 934-9230                Pioneering.  Open Source.  Security.
    daveat_private            http://www.guardiandigital.com
    ISN is hosted by SecurityFocus.com

    This archive was generated by hypermail 2b30 : Fri May 04 2001 - 05:17:38 PDT