RE: How to pick the right company for penetration testing?

From: Cure, Samuel J (scure@kpmg.com)
Date: Tue Jan 27 2004 - 14:07:05 EST


Andy,
I would first make sure that the company is looking for an actual
penetration test rather than a scan. The term penetration test tends to get
misused as most clients actually want a scan. As far as scanning tools, each
has unique properties and not all tools cover the same security concerns. As
long as the tools that are used are CVE compliant, there is a better chance
of covering critical vulnerabilities that are agreed upon within the
security community. If you need further help with qualifying security
services, contact me and I will be glad to help.

Thanks.

Samuel J. Cure
KPMG LLP, Risk and Advisory Services
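
Samuel's point about CVE-compliant tools (the MITRE program itself calls it "CVE-compatible") is what makes findings from two different scanners comparable at all: once each finding carries a CVE identifier, you can see which vulnerabilities one tool reports and the other misses. The following is an added example, not code from the original thread or from either poster. It parses two constructed scanner outputs (one "host,id,title" line per finding, a format assumed here for illustration), normalises the identifiers, and reports the findings common to both tools, the ones only one tool found, and the ones that carry no CVE and so cannot be correlated. The host addresses, the scanner outputs and the function names are all assumptions; the CVE identifiers are real, the host-to-CVE pairing is invented sample data.

```python
"""Correlate two scanners' findings by CVE identifier.

Added example, not from the original mailing-list thread. The scanner
outputs below are constructed sample data in an assumed
'host,id,title' line format; a real tool would need its own parser.
"""
import re
from collections import defaultdict

# MITRE CVE identifier syntax: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed output of a hypothetical scanner "A".
SCANNER_A = """\
10.0.0.5,CVE-2003-0352,RPC DCOM interface buffer overrun
10.0.0.5,CVE-2003-0533,LSASS buffer overrun
10.0.0.9,CVE-2002-0013,SNMPv1 request handling
10.0.0.9,CVE-2003-0201,Samba call_trans2open overflow
"""

# Constructed output of a hypothetical scanner "B". Note the lower-case
# identifier and the vendor-specific check that carries no CVE at all.
SCANNER_B = """\
10.0.0.5,CVE-2003-0352,MS03-026 RPC interface
10.0.0.5,CVE-2003-0818,ASN.1 library integer overflow
10.0.0.9,cve-2002-0013,SNMP
10.0.0.9,CVE-2003-0201,Samba trans2 overflow
10.0.0.9,NOCVE-1234,Vendor-specific check without a CVE
"""


def parse_findings(text):
    """Return ({cve_id: set(hosts)}, [(host, id, title) without a CVE]).

    Identifiers are upper-cased before matching so that 'cve-2002-0013'
    and 'CVE-2002-0013' correlate. Findings whose identifier is not a
    CVE are kept separately: nothing ties them to the other tool's list.
    """
    by_cve = defaultdict(set)
    uncorrelated = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, ident, title = (f.strip() for f in line.split(",", 2))
        ident = ident.upper()
        if CVE_RE.match(ident):
            by_cve[ident].add(host)
        else:
            uncorrelated.append((host, ident, title))
    return dict(by_cve), uncorrelated


def compare(a_text, b_text):
    """Return (both, only_a, only_b, uncorrelated).

    The first three are sorted lists of (host, cve_id) pairs; the last is
    the list of findings from either tool that carried no CVE.
    """
    a, a_unc = parse_findings(a_text)
    b, b_unc = parse_findings(b_text)
    pairs_a = {(h, c) for c, hosts in a.items() for h in hosts}
    pairs_b = {(h, c) for c, hosts in b.items() for h in hosts}
    return (
        sorted(pairs_a & pairs_b),
        sorted(pairs_a - pairs_b),
        sorted(pairs_b - pairs_a),
        a_unc + b_unc,
    )


if __name__ == "__main__":
    both, only_a, only_b, unc = compare(SCANNER_A, SCANNER_B)
    print("Found by both tools:", both)
    print("Only scanner A:     ", only_a)
    print("Only scanner B:     ", only_b)
    print("No CVE, not comparable:", unc)
```

Run against the sample data, scanner A and B agree on three host/CVE pairs, each reports one the other does not, and one of B's checks cannot be compared at all. That last bucket is the practical caveat behind the "CVE compliant" requirement: a tool whose checks lack CVE identifiers may be perfectly good, but you cannot verify its coverage against anyone else's.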

-----Original Message-----
From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
[mailto:gideon@infostruct.net]
Sent: Monday, January 26, 2004 9:03 PM
To: pen-test@securityfocus.com
Cc: aoyt78@dsl.pipex.com
Subject: How to pick the right company for penetration testing?

Andy,

You should investigate vulnerability scanning services. The leader in the
space is Qualys (http://www.qualys.com). In general scanning services offer
the following... You configure the service, it scans the IP addresses you
assign and you download reports over https. The reports have an executive
overview, specific details of each vulnerability, links to advisories and
patches. The scans can be scheduled for time, date and/or interval (i.e.
weekly, monthly, etc.). Quite good really.

I recommend that you sign up for a sample scan. You have nothing to lose.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CFSO, CFSA, SCSA
Boca Raton, FL
gideon@infostruct.net

-----Original Message-----
From: Andy Paton [mailto:aoyt78@dsl.pipex.com]
Sent: 25 January 2004 21:54
To: pen-test@securityfocus.com
Subject: How to pick the right company for penetration testing?

Hi Guys & Girls

I have a customer who would like to engage with a security partner for
penetration testing service in the UK.

I'm in a position to recommend a company and would like to know, what
credentials/information/references should I ask for from a company who
offers such services.

Regards

AP

P.S. I don't mind obvious touting for business (I will only pick a UK
company)

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT