Re: Application Assessment

From: goenw (goenw.mailinglist@gmail.com)
Date: Wed Aug 17 2005 - 22:01:42 EDT


Guys,

Thanks a lot for all the advice given. Really appreciate it. Now I've got
a clearer path to continue :).
For those who offer professional help, I'll arrange for further
arrangement after justification and direction have been made.
Right now it is still in the very early stages of planning.

Thanks and Regards,
goenw

Michael Gargiullo wrote:

><SNIP>
>
>If you go with a vendor, ask for a demo, preferably a demo scan of
>one of your own servers. Then, you can choose the product/service
>that gives you the best, most useful, results.
>
><SNIP>
>
>Tom gave some great tips. The company I'm with specializes in security
>auditing. The amount of time that goes into an application assessment
>can vary greatly.
>
>It's also wise to take a multi-pronged approach. Think about it like
>this, why break into your application, when I can break your database
>server or web server in a quarter of the time?
>
>A sample vulnerability scan of your servers is quick and easy for a
>company to do. A thorough test of your application is not. Automated
>tools will only go so far, as no computer can think like a human, or
>have the ingenuity of a determined attacker.
>
>To better gauge a security company, ask for a few sample reports. See
>how they operate, check out their methodology. Ask hard questions, and
>expect real answers.
>
>I hope this helps more than it hinders you in your search.
>
>Oh... Also check out F5's Application Firewall... truly a cool device
>designed to scan your app for vulnerabilities, then protect against
>malicious people.
>
>-Mike
