Announcing the External Penetration Testing program pack 1.0

Introduction

I have built out several penetration testing programs, both internally and externally at companies such as eBay, PayPal, and Box to name a few. Before you have the resources for an internal penetration testing program, you're going to need to work with external vendors to perform your testing. This release pack outlines the process I have used successfully, for more than a decade, for kicking off and managing an external pentest.

Robert Auger (@robertauger)

External Penetration Testing Program Release Pack 1.0

I'm pleased to announce our second release, the External Penetration Testing Program release pack. This release contains everything you need to scope your first pentest, work with a vendor, execute, and get the types of reports you need from an external tester. This will enable you to perform your first product or infrastructure-level penetration test, and provide you with a process for future engagements.

In this pack, we cover:
Preparation Checklist: This checklist outlines everything you need to scope and perform an external penetration test with a third party.
Penetration Testing Reporting Requirements: This document provides a list of minimal requirements that should be contained within a penetration testing report. Before finalizing a SOW with the vendor, look here first.
Penetration Testing Process Workflow: An outline of a simplified pentesting process with an external tester. It aligns roughly with the content in the penetration testing checklist.

Download on GitHub:

https://github.com/securitytemplates/sectemplates/tree/main/external-penetration-testing

About SecTemplates

To provide simplified, free, and usable open-source templates to enable engineering and smaller security teams to bootstrap security capabilities in their organizations.

Upcoming releases - Bug Bounty Program Pack 1.0

Our bug bounty release pack will provide you with everything you need to establish a bug bounty program. This includes working with a vendor, establishing a private bug bounty, and ultimately moving to a public bug bounty. This release pack is not sponsored or influenced by any particular bug bounty vendor and is neutral to vendor biases and influence.

Previous release - Security incident response release pack 1.0

The goal of this release is to provide you with everything you need to establish a functioning security incident response program at your company.

Download on GitHub: https://github.com/securitytemplates/sectemplates/tree/main/external-penetration-testing/v1 
