Post Mon Mar 16, 2009 7:30 pm

Re: [Article]-Webcast: Modern Social Engineering - A Vital Component of Pen Testing

I'm late to the party, but I just couldn't help throwing a few more thoughts in here.


cnickerson wrote: Q: On a PenTest team, what is the best way to collaborate what you have found? I pentest and I have found that communication breakdown is one of the biggest problems within the PT team social context.
.....

#3 P0wned list. Make a secured Wiki, have a shared doc.. or use collaboration frameworks to take notes for juicy intel and info. Review this list with the whole team daily for large projects and every half day for smaller gigs.



For this function, I'd suggest checking out Dradis.  http://dradis.nomejortu.com/

It's a work in progress, but at Foreground we've already started testing it and we're thinking about putting it in production.


cnickerson wrote: #4 Leverage traditional PM skills


Since traditional pen-tests aren't highly complex projects, you don't need a full-scale PM.  Here's where a student intern can really help out - I'm a big fan of finding someone in a local college who is looking to become a project manager... they can learn to PM, track data, track progress, etc.  And you get a resource appropriate for the level required. 

Depends on the project, of course. 
--
Mike Murray
MAD Security / The Hacker Academy

Email - mmurray@thehackeracademy.com
Phone - 773-360-0658
Twitter: http://www.twitter.com/mmurray