Re: JIRA Pentest

[Bog Witch <iambogwitch () gmail com>]

Hi,

Sorry, I think you misunderstood. I am looking for a company (or
contractor) that has recent, specific experience of testing a JIRA
installation for a potential short-term contract for a friend of mine.
I appreciate that I could DL and install or even mirror the
installation but he is hoping to have a professional test done rather
than the 'enthusiastic amateur' test that I would perform as I do not
have experience of JIRA specifically.

Cheers,

Bog

On Tue, Oct 18, 2011 at 8:54 PM,  <securityfocus () rawchaos com> wrote:
> The free version of Jira (I believe it's a 30 day trial) is exactly the same as the commerical product.  The only 
> difference between all of the download pay versions is how many user licenses you are allowed (so the $10 version 
> would be just as good if you need more than 30 days).
>
> The hosted (managed) versions of Jira will probably be different, but I doubt that is what you are looking to do 
> research on.
>
> Aside from that it's a pretty standard Tomcat application.
>
> -a
>
>
> On Tue, Oct 18, 2011 at 04:28:34PM +0100, Bog Witch wrote:
> > All,
> >
> > Is there anyone on this list with commercial JIRA pentest exposure?
> >
> > Please email responses directly.
> >
> > Thanks,
> >
> > Bog

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------