RE: 3rd party vuln assessment firms

From: Erin Carroll (amoeba@amoebazone.com)
Date: Wed Dec 28 2005 - 00:52:02 EST


Glad to be of help, Rob.

One thing that wasn't really covered in the personal pet peeve tangent the
majority of us jumped into was actual company recommendations. A lot depends
on what your needs boil down to and there are companies big and small that
can work with you to meet them. In the past I have personally done pen-test
work both independently and in conjunction with other companies as a
sub-contractor. You may want to inquire if the people they'll have working
on your site are employees or "hired guns". Don't be afraid to ask for
credentials or sanitized portfolios of previous work to garner some idea of
their work quality.

If you are based in CA and are looking for a smaller firm with experience
with large network organizations you may want to check out Olosec Security
(full disclosure: I have worked for them previously). Drop me a note
off-list if you want contact info etc.

Any other suggestions or real-world experiences out there from list members
with other security firms? It's not often I'll allow sales-pitches to the
list but if you keep it short and to the point you vendors can get in on
this discussion too :)

-Erin Carroll
Moderator
SecurityFocus pen-test list

> -----Original Message-----
> From: rklemaster@hotmail.com [mailto:rklemaster@hotmail.com]
> Sent: Tuesday, December 27, 2005 10:23 AM
> To: pen-test@securityfocus.com
> Subject: Re: 3rd party vuln assesment firms
>
> Thanks guys, your input was very helpful, esp. Erin, Nathan,
> etc. We will be following up on the info as the project moves forward.
> Best,
> -rob



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:18 EDT