Penetration Testing mailing list archives
Re: [PEN-TEST] Cost of Penetration Testing
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:32:03 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Deri Jones [mailto:Deri.Jones () NTA-MONITOR COM] Sent: Tuesday, 12 September, 2000 7:24 PM To: PEN-TEST () SECURITYFOCUS COM
[...]
I'm not even sure that if we polled a percentage of our >200 customers, that they would really know why they think we're good. Their staff are just not familiar enough with testing to be able to judge. (but maybe I'm making a fuss over nothing here - maybe it's the same when you take the car down the repair shop - when they say you need a new fu-fu valve, well - do you respect them more because they found that out, or suspect that they're exploiting your ignorance to sell repairs you don't need...:<)
Well, that's easy. Get the car serviced there a couple of times, then check it out yourself. Went through a couple of repair shops that way. (the same hard-to-get-at-parts sjowed up on the bill almost everytime, when I checked they were still orig.) Applying that to pen-testers might be a lil' more difficult, bt can be done. SaS
If banking is your livelyhood (and considering what the public perception of your bank would be if it were ever hacked) Iwould probablyelect to have multiple pen-tests performed by different companies.
Amn to that!!
And just how many banks actually do that year on year... not more than 10 or 20% I'd say. And how many banks are tested more than once a year... same % is my guess.
I would even say doing that (and being able to porve it) would be good advertisment. At least for me, I'd prefer a bank that's regularely tested for sec. just like my car ;-> Anybody knows of (online-)banks in europe doing that? SaS -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.1 Int. Comment: Even paranoiacs have enemies! iQA/AwUBOb8Q7PNEKPH/spuMEQJ7mQCfX6nuBF5hhcretloZfcgL7V1TkSUAoOOs a4cHoo1gPRWql+chw6sv7QTP =lrz9 -----END PGP SIGNATURE-----
Current thread:
- Re: [PEN-TEST] Cost of Penetration Testing, (continued)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing H Carvey (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Naomi Rubin (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Christopher M. Bergeron (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alfred Huger (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Oliver Petruzel (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alexander Sarras (SEA) (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Bennett Todd (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic edison (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Teicher, Mark (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)