jetlib.sec » Penetration Testing » Re: auditing web/mail proxies

Feeds

133322 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• December 05, 2011
• 

  Re: auditing web/mail proxies

  Posted: December 5th, 2011, 11:51pm PST

  Tags:   

  Posted by Anders Thulin on Dec 05

  An audit is intended to answer the question: does the examined system work
  according to the rules and regulations it should follow? The next question is,
  obviously, are there any such rules?
  
  That should be answered by the organization owning or otherwise managing
  the proxy: what rules should be followed? These will typically relate to the
  management of the proxy: how is access controlled, how are changes implemented,
  how are logs and backups...