Penetration Testing mailing list archives
RE: How to pick the right company for penetration testing?
From: wjnorth <wjnorth () earthlink net>
Date: Wed, 28 Jan 2004 15:04:22 -0800
Good catch there. In my opinion one can't rely on a single vulnerability scanner, which is why I typically use 2 or 3, Nessus for open source then some foo-foo commercial tool to validate and invalidate findings. Additionally, depending on what you are testing, there are a ton of application level scanners for Database, Web, App and such the like. There is no "leader" in any area, at most each tool validates the other, I've yet to rely solely on a single tool as the end-all-solution.
-Wes Sr. Information Security Engineer At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote:
That's a bold statement "leader in the space." I don't believe there is a single leader in the penetration testing space, there are choices. Answering his question about credentials, information, references might be less subjective. Regards, Eric Greenberg Chief Technical Officer NetFrameworks, Inc. http://www.NetFrameworks.com -----Original Message----- From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA [mailto:gideon () infostruct net] Sent: Monday, January 26, 2004 9:03 PM To: pen-test () securityfocus com Cc: aoyt78 () dsl pipex com Subject: How to pick the right company for penetration testing? Andy, You should investigate vulnerability scanning services. The leader in the space is Qualys >>>>>>>>>>>>>>>>>>>>> the poster's original question I'm in a position to recommend a company and would like to know, what credentials/information/references should I ask for from a company who offers such services. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- How to pick the right company for penetration testing? Andy Paton (Jan 25)
- Re: How to pick the right company for penetration testing? Nexus (Jan 25)
- RE: How to pick the right company for penetration testing? Pete Herzog (Jan 26)
- Re: How to pick the right company for penetration testing? Nexus (Jan 26)
- RE: How to pick the right company for penetration testing? Pete Herzog (Jan 26)
- <Possible follow-ups>
- RE: How to pick the right company for penetration testing? Carrick, Brian A (Jan 26)
- How to pick the right company for penetration testing? Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA (Jan 27)
- RE: How to pick the right company for penetration testing? Eric Greenberg (Jan 27)
- RE: How to pick the right company for penetration testing? Robert E. Lee (Jan 27)
- RE: How to pick the right company for penetration testing? wjnorth (Jan 29)
- Message not available
- Re: How to pick the right company for penetration testing? wjnorth (Jan 30)
- RE: How to pick the right company for penetration testing? Eric Greenberg (Jan 27)
- Re: How to pick the right company for penetration testing? Nexus (Jan 25)
- RE: How to pick the right company for penetration testing? Cure, Samuel J (Jan 27)
- Re: How to pick the right company for penetration testing? Travis Schack (Jan 28)
- RE: How to pick the right company for penetration testing? Tinus Janse van Rensburg (Jan 28)
- Re: How to pick the right company for penetration testing? Nexus (Jan 29)