RE: How to pick the right company for penetration testing?

From: wjnorth (wjnorth@earthlink.net)
Date: Wed Jan 28 2004 - 18:04:22 EST


Good catch there. In my opinion one can't rely on a single vulnerability
scanner, which is why I typically use 2 or 3: Nessus for open source, then
some foo-foo commercial tool to validate and invalidate findings.
Additionally, depending on what you are testing, there are a ton of
application-level scanners for Database, Web, App and the like. There
is no "leader" in any area; at most each tool validates the other. I've yet
to rely solely on a single tool as the end-all solution.

-Wes
Sr. Information Security Engineer

At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote:
>That's a bold statement "leader in the space." I don't believe there is a
>single leader in the penetration testing space, there are choices. Answering
>his question about credentials, information, references might be less
>subjective.
>
>Regards,
>
>Eric Greenberg
>Chief Technical Officer
>NetFrameworks, Inc.
>http://www.NetFrameworks.com
>
>-----Original Message-----
>From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
>[mailto:gideon@infostruct.net]
>Sent: Monday, January 26, 2004 9:03 PM
>To: pen-test@securityfocus.com
>Cc: aoyt78@dsl.pipex.com
>Subject: How to pick the right company for penetration testing?
>
>
>Andy,
>
>You should investigate vulnerability scanning services. The leader in the
>space is Qualys
>
> >>>>>>>>>>>>>>>>>>>>> the poster's original question
>I'm in a position to recommend a company and would like to know, what
>credentials/information/references should I ask for from a company who
>offers such services.