issaf0.1-5

Published by: john on Dec 26, 2008
Categories: Types, Research
Copyright: Attribution Non-commercial
Information Systems Security Assessment Framework (ISSAF) Draft 0.1.5

Author: Balwant Rathore

Key Contributors: Karmil Asgarally, Jeremy Martin, Dieter Sarrazyn, Miguel Dilaj, Johnny Long, Umesh Chavan, Ross Patel, Bob Johnston, Rama K Subramaniam, Clement Dupuis, Piero Brunati, Omar Herrera
TABLE OF CONTENTS

1 ABOUT ISSAF ........ 3
2 ASSESSMENT FRAMEWORK ........ 21
3 ENGAGEMENT MANAGEMENT ........ 44
4 BEST PRACTICES – PRE ASSESSMENT, ASSESSMENT AND POST ASSESSMENT ........ 58
5 ENTERPRISE SECURITY POLICY ........ 95
6 ENTERPRISE SECURITY ORGANIZATION & MANAGEMENT ........ 108
7 ASSESS ENTERPRISE SECURITY & CONTROLS ........ 114
   A PENETRATION TESTING - METHODOLOGY ........ 115
   B PENETRATION TESTING METHODOLOGY: DESCRIPTIVE – (CONTINUE….) ........ 125
   C PASSWORD SECURITY ........ 269
   D PASSWORD CRACKING STRATEGIES ........ 325
   E UNIX / LINUX SYSTEM SECURITY ASSESSMENT ........ 344
   F WINDOWS SYSTEM SECURITY ASSESSMENT ........ 387
   G NOVELL NETWARE SECURITY ASSESSMENT ........ 460
   H DATABASE SECURITY ASSESSMENT ........ 462
   I WLAN SECURITY ASSESSMENT ........ 515
   J SWITCH SECURITY ASSESSMENT ........ 538
   K ROUTER SECURITY ASSESSMENT ........ 573
   L FIREWALL SECURITY ASSESSMENT ........ 617
   M INTRUSION DETECTION SYSTEM SECURITY ASSESSMENT ........ 666
   N VPN SECURITY ASSESSMENT ........ 690
   O ANTI-VIRUS SYSTEM SECURITY ASSESSMENT AND MANAGEMENT STRATEGY ........ 700
   P WEB APPLICATION SECURITY ASSESSMENT ........ 716
   Q WEB APPLICATION SECURITY (CONTINUE…) – SQL INJECTIONS ........ 774
   R WEB APPLICATION SECURITY (CONTINUE…) WEB SERVER SECURITY ASSESSMENT ........ 804
   S STORAGE AREA NETWORK (SAN) SECURITY ........ 816
   T INTERNET USER SECURITY ........ 826
   U AS 400 SECURITY ........ 832
   V LOTUS NOTES SECURITY ........ 860
   W SOURCE CODE AUDITING ........ 865
   X BINARY AUDITING ........ 866
   Y APPLICATION SECURITY EVALUATION CHECKS ........ 867
8 SOCIAL ENGINEERING ........ 871
9 PHYSICAL SECURITY ASSESSMENT ........ 898
10 ENTERPRISE SECURITY OPERATIONS MANAGEMENT ........ 906
11 SECURITY AWARENESS AND TRAINING ........ 929
12 OUTSOURCING SECURITY CONCERNS ........ 938
13 BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY ........ 939
   BUSINESS CONTINUITY PLANNING ........ 940
   DISASTER RECOVERY PLANNING ........ 943
14 LEGAL AND REGULATORY COMPLIANCE ........ 983
15 INCIDENT ANALYSIS ........ 986

KNOWLEDGE BASE ........ 996
   1 BUILD FOUNDATION ........ 997
   2 DESKTOP SECURITY CHECK-LIST - WINDOWS ........ 1031
   3 LINUX SECURITY CHECK-LIST ........ 1037
   4 SOLARIS OPERATING SYSTEM SECURITY CHECK-LIST ........ 1040
   5 PENETRATION TESTING LAB DESIGN ........ 1062
   6 LINKS ........ 1073
   7 TEMPLATES / OTHERS ........ 1102