
pentest-standard.pdf

Rick Hayes, Force Practice Lead - TrustedSec.

10.3 Q: So is this a closed group or can I join in?
A: We started this with about 6 people; the first in-person meeting held almost 20. We would love more insight and down-to-earth opinions, so if you can contribute please feel free to email us.

10.4 Q: Is this going to be a formal standard?
A: We are aiming to create an actual standard so that businesses can have a baseline of what is needed when they get a pentest, as well as an understanding of what type of testing they require or would provide value to their business. The lack of standardization now is only hurting the industry, as businesses are getting low-quality work done and practitioners lack guidance in terms of what is needed to provide quality service.

10.5 Q: Is the standard going to include all possible pentest scenarios?
A: While we can’t possibly cover all scenarios, the standard is going to define a baseline for the minimum that is required from a basic pentest, as well as several “levels” on top of it that provide more comprehensive activities required for organizations with higher security needs. The different levels would also be defined according to the industry for which they should serve as the baseline.

10.6 Q: Is this effort going to standardize the reporting as well?
A: Yes. We feel that providing a standard for the test without defining how the report is provided would be useless. We will define both executive (business) reporting and technical reporting as an integrated part of the standard.

10.7 Q: Who is the intended audience for this standard/project?
A: Two main communities: businesses that require the service, and service providers. For businesses, the goal is to enable them to demand a specific baseline of work as part of a pentest. For service providers, the goal is to provide a baseline for the kinds of activities needed and what should be taken into account as part of the pentest, from scoping through reporting and deliverables.

10.8 Q: Is there a mindmap version of the original sections?
A: Following popular demand, we have a version of the mindmap used when creating the first drafts of the standard available for download here (in FreeMind format).
CHAPTER 11 Media

Here are some of the media releases since the birth of PTES.

• Zdnet
• InfoSecInstitute
• Chris John Riley Blog
• Iftach Ian Amit (iiamit) Blog
• Dave Kennedy (ReL1K) Blog
• Security Justice Podcast
• Blip.tv
• Zonbi.org
• InfoSecIsland
• Zonbi.org
• Aluc.TV Podcast
• ISDPodcast 1
• ISDPodcast 2
• Securabit Podcast
• Source Boston session on PTES and the video interview
The Penetration Testing Execution Standard Documentation, Release 1.1
CHAPTER 12 Indices and tables

• genindex
• modindex
• search