Penetration Testing mailing list archives
Re: 3rd party vuln assesment firms
From: neal wise <neal.wise () assurance com au>
Date: Sun, 25 Dec 2005 13:21:47 +1100
On 24/12/2005, at 7:14 AM, Ivan Arce wrote:
I would summarize (from a provider's perspective) the msot important things as follows: - A well-defined defined scope - A well-prepared action plan including all the relevant points of contact with the customer and an agreed-upon way to communicate with them. They should be aware that the assessment will take place during weeks X-Y and they'll need to get involved. - A precise timeframe and work schedule. - A follow-up plan to act on the results.
Hi,I agree with Ivan's points here. These kinds of issues occur so regularly for us with clients that we put a presentation together to illustrate how mistakes cost them money and review opportunity:
http://www.assurance.com.au/resources/presentations/Maximizing-the- benefits-of-VA.pdf
Our point is that the last thing we want is for these kinds of mistakes to prevent more thorough assessment from occurring. It's their resources (money, time) that's being wasted.
regards, Neal ___________ Neal Wise CISSP CISA - neal.wise[at]assurance.com.au PGP: 1DAA 1F81 EE57 F975 BA41 5BBA 7C38 F9F0 522D F20E ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- 3rd party vuln assesment firms rklemaster (Dec 23)
- Re: 3rd party vuln assesment firms Erin Carroll (Dec 23)
- Re: 3rd party vuln assesment firms Ivan Arce (Dec 23)
- Re: 3rd party vuln assesment firms neal wise (Dec 24)
- Re: 3rd party vuln assesment firms raven (Dec 27)
- Re: 3rd party vuln assesment firms Roland Dobbins (Dec 27)
- RE: 3rd party vuln assesment firms Chris Serafin (Dec 28)
- Re: 3rd party vuln assesment firms Ivan Arce (Dec 23)
- Re: 3rd party vuln assesment firms Erin Carroll (Dec 23)
- Re: 3rd party vuln assesment firms Byron Sonne (Dec 23)
- <Possible follow-ups>
- RE: 3rd party vuln assesment firms Wray, Donald W (Dec 26)
- Re: 3rd party vuln assesment firms Michael Weber (Dec 27)
- Re: 3rd party vuln assesment firms InfoSecBOFH (Dec 27)
- RE: 3rd party vuln assesment firms Erin Carroll (Dec 27)
- RE: 3rd party vuln assesment firms Nathan (Dec 28)
- Re: 3rd party vuln assesment firms InfoSecBOFH (Dec 27)