Penetration Testing mailing list archives
Re: Evaluating pentesters
From: aceinyaface <aceinyaface () gmail com>
Date: Mon, 8 Mar 2010 17:50:48 -0800
Hey Tony, This is a bit dated, but I guess this is what this guy was trying to do: http://secreview.blogspot.com/I've heard a lot about Netragard and heard they provide the services you are looking for and do a very good job. FWIW.
On Mar 5, 2010, at 4:01 PM, Tony Turner wrote:
Is there some kind of "Who's Who" of penetration testing firms? Right now my primary methods for evaluating potential firms for pentestengagements are requesting sanitized reports from past tests and asking questions about their methodology. Is there some resource online I mightbe able to use to locate quality testers? I've been burned in the past with some real bad ones.. I'm looking fornetwork/systems/application/web/wireless from a PCI focused firm. Not somuch interested in physical security and social engineering tests atthis time but these services may be useful for future engagements. Alsonot interested in paying good money for someone else to just do a Kismet/Gpsmap or Nessus scan for me and hand me the scan data. Useful tools of course, but I've met a few idiots who thought that was what penetration testing was. I am in the SE United States. -- Tony L Turner CISSP, CISA, GPEN, GCIA, GSEC, VCP, ITIL-F ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Evaluating pentesters Tony Turner (Mar 08)
- Re: Evaluating pentesters Tracy Reed (Mar 08)
- Re: Evaluating pentesters security curmudgeon (Mar 11)
- Re: Evaluating pentesters David Glosser (Mar 08)
- Re: Evaluating pentesters Andre Gironda (Mar 08)
- Re: Evaluating pentesters aceinyaface (Mar 09)
- Re: Evaluating pentesters Jason Ross (Mar 09)
- Re: Evaluating pentesters Brent Huston (Mar 11)
- Re: Evaluating pentesters Shohn Trojacek (Mar 09)
- Re: Evaluating pentesters Rudra Kamal Sinha Roy (Mar 11)
- RE: Evaluating pentesters Frye, Dan (Mar 11)
- RE: Evaluating pentesters security curmudgeon (Mar 15)
- Re: Evaluating pentesters Pete Herzog (Mar 17)
- RE: Evaluating pentesters Cor Rosielle (Mar 23)
- Re: Evaluating pentesters Rudra Kamal Sinha Roy (Mar 11)
- Re: Evaluating pentesters Tracy Reed (Mar 08)
- Message not available
- Fwd: Evaluating pentesters Daniel Hood (Mar 11)
- Re: Evaluating pentesters Mohamed Farid (Mar 11)