Penetration Testing mailing list archives
Re: "PenTest" a container file
From: Javier Fernández-Sanguino <jfernandez () germinus com>
Date: Mon, 29 Jan 2007 09:11:28 +0100
Thor (Hammer of God) dijo:
modem. I mean, what kind of application development company using their own encryption algorithm would hire someone to crack it who has to post to PenTest for advice on what his first steps should be?
You will be surprised at the number of companies (even govt's) that do not do proper background checking of the companies they hire for security. Some companies/agencies just look at the money of the proposal and hire the cheapest guys around.
From my experience, some european companies that have to run audits every year (typically "summarised" to a pentest) and cannot repeat with the same company until X years go by [1] will sometimes contract some very lame company with good "presence" and no skills.
Regards Javier[1] Due to legitimate concerns of companies "getting comfortable" and not doing proper work the second time around.
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- "PenTest" a container file Julien (Jan 18)
- Re: "PenTest" a container file Steve Friedl (Jan 18)
- Re: "PenTest" a container file Benjamin Anderson (Jan 18)
- <Possible follow-ups>
- Re: "PenTest" a container file Thor (Hammer of God) (Jan 19)
- Re: "PenTest" a container file Javier Fernández-Sanguino (Jan 29)
- Re: "PenTest" a container file Jan Heisterkamp (Jan 30)
- Re: "PenTest" a container file Javier Fernández-Sanguino (Jan 29)