Full Disclosure mailing list archives
Re: [Professional IT Security Providers - Exposed] Denim Group ( A - )
From: "SecReview" <secreview () hushmail com>
Date: Fri, 14 Dec 2007 16:55:30 -0500
Peter,

Simple, they are a good company and they got a good review. We're not in the business of bashing anyone, just in the business of being honest. We'll leave the bashing up to the wannabe infosec teenagers. ;)

On Fri, 14 Dec 2007 16:48:59 -0500 Peter Dawson <slash.pd () gmail com> wrote:
> woots with da pimping post ?
>
> On Dec 14, 2007 3:49 PM, secreview <secreview () hushmail com> wrote:
>
> > The Denim Group <http://www.denimgroup.com/service.html> located at
> > http://www.denimgroup.com is a Security Services
> > <http://www.denimgroup.com/service.html> Provider that focuses strictly on
> > Web Application Security Services <http://www.denimgroup.com/service.html>.
> > We asked them why they chose the name Denim Group
> > <http://www.denimgroup.com/service.html> and they said that it was a
> > marketing idea that enables them to stand out from the rest of the
> > providers. (The name was actually thought up by a founder X's wife.) As it
> > turns out, it was a good idea and it works! When we think Denim Group
> > <http://www.denimgroup.com/service.html> the first thing that comes to mind
> > is clothing, and what the hell does that have to do with Application
> > Security? Can't forget the name and the total lack of correlation.
> >
> > Aside from the name, we are actually pleased with what we found when we
> > reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we
> > spoke with John Dickson we learned a lot about their methodology. We
> > learned that the Denim Group <http://www.denimgroup.com/service.html> does
> > use automated tools such as WebInspect to perform preliminary scans against
> > target applications. They also use tools like Fortify to perform source
> > code reviews. That being said, automation only covers about 20% of the
> > workload for the services that they deliver.
> >
> > The remaining 80% of the workload is done by high talent Web Application
> > Security Specialists that truly understand how to harden a Web
> > Application. They not only look for the common issues like Cross Site
> > Scripting (No Sacure, it's not called Cross-Site Shipping), Cross Site
> > Request Forgery, Remote File Inclusion, etc. but they also look for logic
> > issues and other types of design flaws. The Denim Group
> > <http://www.denimgroup.com/service.html> does use tools to help them
> > perform their manual testing, as do most worthy security providers. The
> > tools that they use are special interception proxies that enable them to
> > view and manipulate conversations between client and server, amongst other
> > similar manually intensive tools. This enables the Denim Group
> > <http://www.denimgroup.com> to truly impact the quality of their
> > deliverables with strong manual testing.
> >
> > All in all, if you are looking for a provider to perform Web Application
> > Security type services, we think that the Denim Group
> > <http://www.denimgroup.com/service.html> is a great fit. If you are
> > looking for a full service Professional Security Services shop, well
> > you'll probably have to look somewhere else because they do not offer
> > Network Penetration Testing Services, Vulnerability Assessments, etc. That
> > being said, we were so impressed with the Denim Group
> > <http://www.denimgroup.com/service.html> and the caliber of their service
> > offerings that we decided to give them an A-. The only reason why they
> > didn't get an A or an A+ is because they are technically not a full
> > service shop. So, we recommend using the Denim Group
> > <http://www.denimgroup.com/>, they kick ass!
> >
> > If you'd like to comment on this, please visit http://secreview.blogspot.com
> > and post a comment. If you feel that this post is inaccurate, please let us
> > know why and we'll consider your opinion for a review.
> >
> > Thanks for reading!
> >
> > --
> > Posted By secreview to Professional IT Security Providers - Exposed
> > <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007
> > 12:13:00 PM
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
Regards,
The Secreview Team
http://secreview.blogspot.com
Professional IT Security Service Providers - Exposed