On Saturday 23 August 2003 15:57, Gerald Cody Bunch wrote: > This may or may not be 100% on topic, but I believe that it would fit in > good. From what I have read pen-tests are supposedly well documented > from the start (or should be) and some form of report generated at the > end. My question is, what templates/procedures do the members of this > list use? Are there any standards for documentation, and/or publicly > available templates/procedures? I follow the OSSTM Manual. Not quite to the letter, but pretty close. As for pre and post test documentation, I have my own document templates for several different lines of business. http://www.isecom.org/projects/osstmm.htm -- Jonathan Rickman X Corps Security http://www.xcorps.net --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Aug 24 2003 - 12:25:49 PDT