Penetration Testing mailing list archives
Re: Choosing an Independent Penetration Testing Firm
From: Justin Rogosky <jrogosky () gmail com>
Date: Wed, 06 Feb 2013 21:30:32 -0500
Well, I would see if you could get a sample report, making sure it isn't just a Nessus report with a cover sheet. I would check out their client list (assuming it is on their webpage) to make sure they have some speciality in your line of business.

A lot of it is up to you too. You need to make sure you properly define the scope and are available for them to contact you. If issues arise, do you have the resources / contacts to fix them or get the information to the person who can?

The first thing I would do is to make sure you need a penetration test. Have you done a vulnerability assessment? Have you looked at your security policies and made sure they are up to date and valid (adhered to may be too much to ask depending on the environment)?

Just my 2 cents (3 cents Canadian)

--Justin

On Wed, 2013-02-06 at 18:31 -0700, Remi Broemeling wrote:
Hi all,

I'm currently in the process of sizing up/comparing various Penetration Testing firms, and am having a bit of trouble finding distinguishing characteristics between them. I've looked at a fair few, but they all seem to offer very similar services with little to recommend one over another.

What I'm looking for is an independent firm capable of doing external penetration tests against a small datacenter cluster of hosts and then providing a report of their results (I realize that I just described the general process of penetration testing).

Does anyone on here have any specific recommendations on what to look for when choosing an independent penetration testing firm?

Thanks,
Remi

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------