Re: 3rd party vuln assesment firms

[neal wise <neal.wise () assurance com au>]

On 24/12/2005, at 7:14 AM, Ivan Arce wrote:

> I would summarize (from a provider's perspective) the msot important
> things as follows:
> - A well-defined defined scope
> - A well-prepared action plan including all the relevant points of
> contact with the customer and an agreed-upon way to communicate with
> them. They should be aware that the assessment will take place during
> weeks X-Y and they'll need to get involved.
> - A precise timeframe and work schedule.
> - A follow-up plan to act on the results.


Hi,

I agree with Ivan's points here.  These kinds of issues occur so  
regularly for us with clients that we put a presentation together to  
illustrate how mistakes cost them money and review opportunity:

http://www.assurance.com.au/resources/presentations/Maximizing-the- 
benefits-of-VA.pdf

Our point is that the last thing we want is for these kinds of  
mistakes to prevent more thorough assessment from occurring. It's  
their resources (money, time) that's being wasted.

regards,

Neal
___________
Neal Wise CISSP CISA - neal.wise[at]assurance.com.au
PGP: 1DAA 1F81 EE57 F975 BA41  5BBA 7C38 F9F0 522D F20E





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------