Full Disclosure mailing list archives

Re: [Professional IT Security Providers - Exposed] Denim Group ( A - )


From: "SecReview" <secreview () hushmail com>
Date: Fri, 14 Dec 2007 16:55:30 -0500

Peter, 
   Simple, they are a good company and they got a good review. 
We're not in the business of bashing anyone, just in the business 
of being honest. We'll leave the bashing up to the wannabe infosec 
teenagers. ;)

On Fri, 14 Dec 2007 16:48:59 -0500 Peter Dawson <slash.pd () gmail com> wrote:
woots with da pimping post?

On Dec 14, 2007 3:49 PM, secreview <secreview () hushmail com> wrote:

The Denim Group <http://www.denimgroup.com/service.html>, located at http://www.denimgroup.com, is a Security Services Provider <http://www.denimgroup.com/service.html> that focuses strictly on Web Application Security Services <http://www.denimgroup.com/service.html>. We asked them why they chose the name Denim Group <http://www.denimgroup.com/service.html> and they said that it was a marketing idea that enables them to stand out from the rest of the providers. (The name was actually thought up by a founder's ex-wife.) As it turns out, it was a good idea and it works! When we think Denim Group <http://www.denimgroup.com/service.html>, the first thing that comes to mind is clothing, and what the hell does that have to do with Application Security? Can't forget the name and the total lack of correlation.

Aside from the name, we are actually pleased with what we found when we reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we spoke with John Dickson we learned a lot about their methodology. We learned that the Denim Group <http://www.denimgroup.com/service.html> does use automated tools such as WebInspect to perform preliminary scans against target applications. They also use tools like Fortify to perform source code reviews. That being said, automation only covers about 20% of the workload for the services that they deliver.

The remaining 80% of the workload is done by high-talent Web Application Security Specialists that truly understand how to harden a Web Application. They not only look for the common issues like Cross Site Scripting (no Sacure, it's not called Cross-Site Shipping), Cross Site Request Forgery, Remote File Inclusion, etc., but they also look for logic issues and other types of design flaws.

The Denim Group <http://www.denimgroup.com/service.html> does use tools to help them perform their manual testing, as do most worthy security providers. The tools that they use are special interception proxies that enable them to view and manipulate conversations between client and server, amongst other similar manually intensive tools. This enables the Denim Group <http://www.denimgroup.com> to truly impact the quality of their deliverables with strong manual testing.

All in all, if you are looking for a provider to perform Web Application Security type services, we think that the Denim Group <http://www.denimgroup.com/service.html> is a great fit. If you are looking for a full service Professional Security Services shop, well, you'll probably have to look somewhere else because they do not offer Network Penetration Testing Services, Vulnerability Assessments, etc. That being said, we were so impressed with the Denim Group <http://www.denimgroup.com/service.html> and the caliber of their service offerings that we decided to give them an A-. The only reason why they didn't get an A or an A+ is because they are technically not a full service shop. So, we recommend using the Denim Group <http://www.denimgroup.com/>, they kick ass!

If you'd like to comment on this, please visit http://secreview.blogspot.com and post a comment. If you feel that this post is inaccurate, please let us know why and we'll consider your opinion for a review. Thanks for reading!

--
Posted By secreview to Professional IT Security Providers - Exposed <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007 12:13:00 PM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Regards, 
      The Secreview Team
      http://secreview.blogspot.com
      Professional IT Security Service Providers - Exposed

