Penetration Testing mailing list archives
RE: 3rd party vuln assesment firms
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Tue, 27 Dec 2005 21:52:02 -0800
Glad to be of help Rob. One thing that wasn't really covered in the personal pet peeve tangent the majority of us jumped into was actual company recommendations. A lot depends on what your needs boil down to and there are companies big and small that can work with you to meet them. In the past I have personally done pen-test work both independently and in conjunction with other companies as a sub-contractor. You may want to inquire if the people they'll have working on your site are employees or "hired guns". Don't be afraid to ask for credentials or sanitized portfolios of previous work to garner some idea of their work quality. If you are based in CA and are looking for a smaller firm with experience with large network organizations you may want to check out Olosec Security (full disclosure: I have worked for them previously). Drop me a note off-list if you want contact info etc. Any other suggestions or real-world experiences out there from list members with other security firms? It's not often I'll allow sales-pitches to the list but if you keep it short and to the point you vendors can get in on this discussion too :) -Erin Carroll Moderator SecurityFocus pen-test list
-----Original Message----- From: rklemaster () hotmail com [mailto:rklemaster () hotmail com] Sent: Tuesday, December 27, 2005 10:23 AM To: pen-test () securityfocus com Subject: Re: 3rd party vuln assesment firms Thanks guys, your input was very helpful, esp. Erin, Nathan, etc. We will be following up on the info as the project moves forward. Best, -rob -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- ----------------- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.8/215 - Release Date: 12/27/2005
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.8/215 - Release Date: 12/27/2005 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: 3rd party vuln assesment firms, (continued)
- Re: 3rd party vuln assesment firms raven (Dec 27)
- Re: 3rd party vuln assesment firms Roland Dobbins (Dec 27)
- RE: 3rd party vuln assesment firms Chris Serafin (Dec 28)
- Re: 3rd party vuln assesment firms raven (Dec 27)
- Re: 3rd party vuln assesment firms Byron Sonne (Dec 23)
- RE: 3rd party vuln assesment firms Wray, Donald W (Dec 26)
- Re: 3rd party vuln assesment firms Michael Weber (Dec 27)
- Re: 3rd party vuln assesment firms InfoSecBOFH (Dec 27)
- RE: 3rd party vuln assesment firms Erin Carroll (Dec 27)
- RE: 3rd party vuln assesment firms Nathan (Dec 28)
- Re: 3rd party vuln assesment firms InfoSecBOFH (Dec 27)
- RE: 3rd party vuln assesment firms Erin Carroll (Dec 27)
- Re: FW: 3rd party vuln assesment firms Peter Wood (Dec 29)