Welcome to The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST
The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: ISSAF


ISSAF draft 0.2 has been released
Posted by boss on Thursday, 20 April 2006 @ 16:12:12 EDT (5250 reads)
Topic ISSAF

cdupuis writes "We are pleased to announce the release of draft 0.2 of the Information Systems Security Assessment Framework (ISSAF).

ISSAF is the product of the collaborative effort of several security professionals that aims to provide a comprehensive framework for penetration testers and systems auditors. It includes detailed techniques, procedures and tool usage examples to perform a wide range of tests for several platforms and devices.

The document is available for download from: http://www.oissg.org/issaf.

ISSAF is maintained by the Open Information Systems Security Group (OISSG): http://www.oissg.org.

All feedback and new volunteers for the project are always welcomed ;-).

Changes from draft 0.1 include a huge amount of new and updated information. Most of the sections in draft 0.2 are in a fairly advanced stage and the document in general is ready to be used as support for most phases in real pentest engagements.

Regards,

Omar A. Herrera"



Mapping of the ISSAF framework with the BS7799 standard
Posted by boss on Thursday, 12 January 2006 @ 11:59:48 EST (5898 reads)
Topic ISSAF

cdupuis writes "A document contributed by Balwant from the OISSG group. It shows how the ISSAF standard maps with the BS7799 standard.

You can get a copy of this mapping document at:
http://www.professionalsecuritytesters.org/modules.php?name=Downloads&d_op=viewdownload&cid=20

You can find the latest version of the ISSAF at: http://www.oissg.org/issaf0.1.7.pdf

Enjoy!

Clement"



The ISSAF framework is now mirrored locally
Posted by boss on Sunday, 20 February 2005 @ 21:30:50 EST (2084 reads)
Topic ISSAF

With permission from the OISSG, you can now find a copy of the ISSAF Framework locally. Here is a high-level overview of what the ISSAF is:

The goal of the ISSAF is to provide a single point of reference for security assessment. It is a reference that is closely aligned with real-world security assessment issues and that is a value proposition for businesses. To this aim the ISSAF has the following high-level agenda:

    • Evaluate the organization's information security policies and ensure that they meet industry requirements & do not violate any applicable laws & regulations
    • Identify critical information systems infrastructure required for the organization's business processes and evaluate their security
    • Conduct vulnerability assessments & penetration tests to highlight system vulnerabilities, thereby identifying weaknesses in systems, networks and applications
    • Evaluate controls applied to various security domains by:
        o Finding mis-configurations and rectifying them
        o Identifying known and unknown risks related to technologies and addressing them
        o Identifying known and unknown risks within your people or business processes and addressing them
        o Strengthening existing processes and technologies
    • Prioritize assessment activities as per system criticality, testing expenses, and expected benefits
    • Educate people on performing security assessments
    • Educate people on securing systems, networks and applications
    • Provide information on:
        o The review of logging, monitoring & auditing processes
        o The building and review of Disaster Recovery Plan
        o The review of outsourcing security concerns
    • Compliance to Legal & Regulatory Standards
    • Create Security Awareness
    • Effective Management of Security Assessment Projects
    • Guarding against social engineering exploitation
    • Physical security control review

This approach is based on using the shortest path required to achieve one's goal by finding flaws that can be exploited efficiently, with minimal effort. The goal of this framework is to give completeness, accuracy and efficiency to security assessments.

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).

 


 

 

