Penetration Testing mailing list archives
Re: Evaluating pentesters
From: Brent Huston <lbhlists () gmail com>
Date: Tue, 9 Mar 2010 13:39:07 -0400
Obtain and check references, do a Google search on the company name and the names of the principals. Check for real capabilities, research, contributions to the security community. A little research will set apart the real security teams from the "scan and forget" vendors. It just takes a little time and energy. 15 mins per vendor and a browser will make it all make sense.

On Mar 9, 2010, at 12:55 AM, Jason Ross wrote:
> On Fri, Mar 5, 2010 at 7:01 PM, Tony Turner <tony_l_turner () yahoo com> wrote:
>> Is there some kind of "Who's Who" of penetration testing firms?
>
> In theory, there is; see http://securityscoreboard.com
>
> In practice, there are a lot of security companies listed on the site which have little information about them posted. That's largely due to the fact that the site is really just starting to gain momentum, but it still means that not a lot of data is available.
>
> Still, even without the full realisation of user scores and such, it's a helpful resource IMO. Specifically, it provides a very nice list of security companies broken down into specific categories. As folks start becoming aware of the site and using it, the rest will (hopefully) fall into place soon.
>
> --
> Jason
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------