Penetration Testing mailing list archives
RE: Recommended Web-Based Application Security Companies
From: "Josh Perrymon" <perrymonj () networkarmor com>
Date: Thu, 20 Oct 2005 09:51:00 -0500
So what makes one company stand apart from another company? Price? Talent? How do the deliverable reports vary from each company? To me one aspect that is very important is the reporting process... too often the reports are based on tool printouts. For instance- I'm really impressed with the tool "Core Impact" for ease-of-use in rapid penetrations... But doesn't that take a little out of the entire process? I can see where it makes the bottom line better with rapid turn-over on engagements but it seems to take out too much of the hands on aspect of it... But again-- I do this work because I have a passion for it.. not for the bottom line :) -JP -----Original Message----- From: Thomas Ryan [mailto:tryan () siegeworksint com] Sent: Thursday, October 20, 2005 1:15 AM To: secmail.lists () gmail com Cc: pen-test () securityfocus com Subject: Re: Recommended Web-Based Application Security Companies I am a firm believer in fair competition and due diligence when it comes = to Pen Testing. I would suggest not looking for one company, but multiple companies. Have a formal RFP Process and evaluate vendors based on your company's cr= iteria. A few companies I can speak for that have serious talent and some of whic= h we are in constant competition with: SiegeWorks International http://www.siegeworksint.com NET2S http://www.net2s.com Foundstone (McAfee) http://www.foundstone.com @Stake (Symantec) http://www.atstake.com INS http://www.ins.com FishNET http://www.fishnetsecurity.com Thomas Ryan Senior Security Consultant SiegeWorks International tom () siegeworksint com http://www.siegeworksint.com ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Recommended Web-Based Application Security Companies secmail . lists (Oct 18)
- <Possible follow-ups>
- Re: Recommended Web-Based Application Security Companies Kurt Keys (Oct 19)
- Re: Recommended Web-Based Application Security Companies Thomas Ryan (Oct 19)
- RE: Recommended Web-Based Application Security Companies Josh Perrymon (Oct 20)
- RE: Recommended Web-Based Application Security Companies Dhruv Soi (Oct 22)
- Re: Recommended Web-Based Application Security Companies secmail4karen (Oct 23)