SEE http://auditnet.org/

-----Original Message-----
From: Steven M. Christey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 04, 2004 1:50 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Vulnerability Auditing Checklist

>Maybe Steven has a newer version available?

Unfortunately, I haven't been able to do a major overhaul, or to refine the categories.

>Would be nice with some illustrations to each vulnerability listed.

Below is an updated version. There are some more sub-categories, and now most categories have some example vulnerabilities. It still needs a lot of work, but maybe it will be useful.

I haven't had a chance to read it closely, but McGraw and Hoglund's new book "Exploiting Software" defines a number of specific attack patterns. There's also the OWASP WebApp Pen Test Checklist. Both of these are a good move forward in formalizing some aspects of auditing and, by extension, vulnerability research.

- Steve