Penetration Testing
Choosing an Independent Penetration Testing Firm Feb 07 2013 01:31AM
Remi Broemeling (remi broemeling org) (4 replies)
Re: Choosing an Independent Penetration Testing Firm Feb 07 2013 12:10PM
Owen Connolly (ojconnolly gmail com)
Re: Choosing an Independent Penetration Testing Firm Feb 07 2013 09:23AM
Anders Thulin (anders thulin sentor se)
Re: Choosing an Independent Penetration Testing Firm Feb 07 2013 03:38AM
Eric Schultz (fire0088 gmail com)
Re: Choosing an Independent Penetration Testing Firm Feb 07 2013 02:30AM
Justin Rogosky (jrogosky gmail com) (1 replies)
Well, I would see if you could get a sample report, making sure it isn't
just a Nessus report with a cover sheet. I would check out their client
list (assuming it is on their webpage) to make sure they have some
speciality in your line of business.

A lot of it is up to you too. You need to make sure you properly define
the scope and are available for them to contact you. If issues arise,
do you have the resources / contacts to fix them or get the information
to the person who can?

The first thing I would do is to make sure you need a penetration test.
Have you done a vulnerability assessment? Have you looked at your
security policies and made sure they are up to date and valid (adhered
to may be too much to ask depending on the environment)?

Just my 2 cents (3 cents Canadian)

--Justin

On Wed, 2013-02-06 at 18:31 -0700, Remi Broemeling wrote:
> Hi all,
>
> I'm currently in the process of sizing up/comparing various
> Penetration Testing firms, and am having a bit of trouble finding
> distinguishing characteristics between them. I've looked at a fair
> few, but they all seem to offer very similar services with little to
> recommend one over another. What I'm looking for is an independent
> firm capable of doing external penetration tests against a small
> datacenter cluster of hosts and then providing a report of their
> results (I realize that I just described the general process of
> penetration testing).
>
> Does anyone on here have any specific recommendations on what to look
> for when choosing an independent penetration testing firm?
>
> Thanks,
>
> Remi
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

Re: Choosing an Independent Penetration Testing Firm Feb 07 2013 03:15AM
Sergey Soldatov (votadlos gmail com)


 

Copyright 2010, SecurityFocus