Educause Security Discussion mailing list archives
Re: third party pentesting services and pentesting RFP
From: Brian J Smith-Sweeney <bsmithsweeney () NYU EDU>
Date: Fri, 8 Apr 2011 16:09:50 +0000
I'll give a strong recommendation for SensePost - they're a relatively small shop of highly skilled pen testers out of South Africa. They do a fair bit of research and publish and present at major conferences regularly. Most of our internal folks have taken classes from them and we've used them on one project with better results than any other vendor we've engaged. I'm happy to discuss this more offline if you like.

My opinion - admittedly based on a bit of personal experience and hallway conversations at security cons - is that you go with a smaller skilled shop if you want more in-depth technical results, and you go with a larger shop if you want a name folks will recognize for CYA purposes.

If you're interested I can provide a longer list of places we considered before our recent outsource engagement.

Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney
Project Lead
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On Thu, Apr 7, 2011 at 7:45 PM, Youngquist, Jason R. <jryoungquist () ccis edu> wrote:
We are looking at having some pentesting done by a third party. This would include network pentesting, web application assessment, and social engineering.

I was wondering if anyone had any recommendations for vendors that provide such services. Also, does anyone have any pentesting RFP they would be willing to share? Feel free to email me off list.

Thanks.

Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu