Lets try to put things the other way around, for dont get in to the exercise in semantics that Don Bailey said, or refering ourselfs to a pen test as if it was only running a scanner or identify one hole in one server to can exploit it without seeing anything else. Regarding http://uk.osstmm.org/osstmm.htm, what are the topics for a zero knowledge pen test or what is called there an Unrestricted Test? Network Surveying Port Scanning System Identification Services Probing Vulnerability Research and Testing Application Testing Firewall & ACL Testing and Review Security Policy Review Privacy Review Intrusion Detection System (IDS) Testing Document Grinding (Electronic Dumpster Diving) Social Engineering Trusted Systems Testing Password Cracking Denial of Service (DoS) Testing Wireless Network Testing PBX Testing [ ]'s bacano ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:16:29 PDT