Pen Testing

In the realm of penetration testing and vulnerability scanning there is a wealth of information on the web, but sometimes it’s hard to find comprehensive information that is accurate. I’ve found the items below to be of high value, relevant and up-to-date, as well as detailed enough to be enterprise standard – so I thought I would share them.

Remember there is a lot of etiquette involved in testing, especially if you are an external tester. These guides cover how to work within the boundaries of those requirements, and how not to fall into some bad practices. Having these docs handy will help keep you safe in your testing – and that is necessary considering the nature of the job.

Penetration Testing Framework – updated July 2009

This framework is current as of January this year. It contains everything from processes and procedures, to text for client side testing, and links to all the latest tools. It’s an invaluable resource. As I find updated versions I will post them here for anyone that wants them.

Penetration Testing Checklist

This is a generic penetration testing checklist that contains all manner of audit and test processes and procedures, and is an excellent aid whether you are a beginner or expert. You can copy this and tailor it to your needs.

Penetration Testing Report Template

Here’s a good template to use to report your penetration testing findings back to whoever needs to see them. It’s a professional guideline that you can tailor to your needs and can be as detailed as you need it to be. It will allow you to put forward a very professional report, and will remind you of the considerations the entity you are testing may have. You might not need this amount of detail, but it’s handy to have the option.

User Security Awareness Presentation (PPT)

I searched high and low for something like this. No-one seemed to have (or didn’t want to share) a presentation of this kind. Others that I found were very stiff, extremely boring and too technical. I’m dealing with engineers to execs, receptionists to HR – I wanted something that would be understood by all, but wouldn’t put them to sleep too quickly. I found this one – edited it to my liking, and now I’m sharing an ‘unbranded’ version for anyone who wants it.

User Security Training Presentation (240)