Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- )

["SilentRunner" <silentrunner () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are you an idiot?

It is certainly more than possible that Audit Serve are a low
quality one-size-fits-all merchant. It is also equally possible
that they have developed a high quality automated tool that covers
all the basics and provides them a lead to upsell more advanced
services. That's business, you get what you pay for.

You don't know because you read their website with the critical eye
of a self-important nerd, trying to be something you aren't (IE
professional). You might as well write a car review by reading the
financial reports of the car manufacturer.

What you should have done at the very least is purchased their
service and asked them to test elements of your pre-configured and
properly baselined honey-net against known criteria. I'm guessing
that your student loan doesn't stretch beyond partying or you might
have produced something useful, muppet.

SR





On Mon, 17 Dec 2007 20:46:59 +0000 secreview
<secreview () hushmail com> wrote:
> We found Audit Serve, Inc., run by Mitchell H. Levine, by
> searching
> for "Penetration Testing" on Google. Audit Serve, Inc. offers, IS
> Auditing, Integrated Auditing, Sarbanes-Oxley Implementation
> Services,
> Sarbanes-Oxley Ongoing Compliance Services, PCI, Security
> andInternet
> Vulnerability Assessment & Penetration Testing Services.Our first
> impression of Audit Serve, Inc. was that they were a "rubber stamp

> of
> approval" shop that offers services that will do nothing to truly
> raise
> your proverbial security bar but will let you fill in your
> security
> checklist. This impression was made so quickly because of the
> $495.00
> price quote on their main page. It reads "Internet Vulnerability
> Assessment & Penetration Testing starting at $495". (Just as an
> FYI, it
> is impossible to perform any human driven professional security
> services for that price. The cost of talent is simply too
> high.)When
> digging into their services we quickly realize that our initial
> impression of Audit Serve was accurate. They are in fact a "rubber
> stamp of approval" shop. Their security service deliverables
> appear to
> be the product of automated scanners (QualysGuard) and not the
> product
> of human talent. This also coincides with them being able to
> offer "Internet Vulnerability Assessment & Penetration Testing"
> services starting at $495, as no human element is incorporated
> into the
> deliverable based on what we saw.If you do not care about the
> security
> of your IT Infrastructure, and only want to get the "rubber stamp
> of
> approval" then Audit Serve, Inc. is your one stop shop. If on the
> other
> hand you do care about the security of your IT infrastructure,
> then
> we'd suggest finding a different provider.Grade Note:We're giving
> Audit
> Serve an F- for two reasons. The first reason is that they appear
> to be
> in the Information Security business to make a buck by providing
> people
> with the "rubber stamp of approval". In doing so they are actually
> doing a disservice to the IT community, and the IT Security
> Community.
> The second reason why we are giving them an F- is because their
> security services appear to use no human element and rely strictly

> on
> automated scanning (QualysGuard). If you feel that this grade is
> too
> harsh, let us know.
>
> --
> Posted By secreview to Professional IT Security Providers -
> Exposed at
> 12/17/2007 10:28:00 AM
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkdno3QACgkQBGNKW24YMAdgdQP/TA5U7d8HZSHk/cQoQOCKgDQvpLkQ
ayexXEqDtW0TrbAU1BZHxzujA2GG/MlbC0lNoFCzPwrq9N3ILVtVoLmsX5g40N69wJG9
/N2Xx9eT/6/uUg6ioOB/Wx1tIZAsF1iQg3IJRNulh5WZH9Ei0CKaI0EyeorwvrC/j2lI
IpeDHmA=
=KlZy
-----END PGP SIGNATURE-----


--
Click for free information on accounting careers, $150/hour potential.
http://tagline.hushmail.com/fc/Ioyw6h4dCeUAEVDGVKE0knhfHdLY0rr9eRpPzDRV43O7OvYyeToMpK/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/