Re: "PenTest" a container file

From: Javier Fernández-Sanguino (jfernandez@germinus.com)
Date: Mon Jan 29 2007 - 03:11:28 EST


Thor (Hammer of God) wrote:
>
> modem. I mean, what kind of application development company using their own
> encryption algorithm would hire someone to crack it who has to post to
> PenTest for advice on what his first steps should be?

You will be surprised at the number of companies (even govts) that do
not do proper background checking of the companies they hire for
security. Some companies/agencies just look at the money of the proposal
and hire the cheapest guys around.

From my experience, some European companies that have to run audits
every year (typically "summarised" to a pentest) and cannot repeat with
the same company until X years go by [1] will sometimes contract some
very lame company with good "presence" and no skills.

Regards

Javier

[1] Due to legitimate concerns of companies "getting comfortable" and
not doing proper work the second time around.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:33 EDT