> Then maybe someone should define what the components are for
> a standard penetration test, a vulnerability assessment, and
> a security audit.

There is already one freely available and it is called the Open Source Security Testing Methodology (http://uk.osstmm.org/osstmm.htm). In the RFCs you will find the Site Security Handbook (it's not on pen-test, but I guess it can be useful anyway).

On the other hand, many companies have their own methodology which they do not like to distribute outside. Creating a proper and efficient methodology is a very difficult task that not everyone can accomplish. Because of this, the market demands such a solution and the cost of some services is high. Price is also based on the resources and time needed to create such a methodology. And please remember that after creating it, your methodology should be researched further to keep up with the rest of the world.

Regards,
Aleksander Czarnowski
AVET INS
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 11:09:44 PDT