RE: Recommended Web-Based Application Security Companies

From: Josh Perrymon (perrymonj_at_networkarmor.com)
Date: 10/20/05

    Date: Thu, 20 Oct 2005 09:51:00 -0500
    To: "Thomas Ryan" <tryan@siegeworksint.com>, <secmail.lists@gmail.com>
    
    

    So what makes one company stand apart from another company?
    Price? Talent?

    How do the deliverable reports vary from each company?

    To me one aspect that is very important is the reporting process... too
    often the reports are based on tool printouts.

    For instance- I'm really impressed with the tool "Core Impact" for
    ease-of-use in rapid penetrations... But doesn't that take a little out
    of the entire process? I can see where it makes the bottom line better
    with rapid turn-over on engagements but it seems to take out too much of
    the hands on aspect of it...

    But again-- I do this work because I have a passion for it.. not for the
    bottom line :)

    -JP

    -----Original Message-----
    From: Thomas Ryan [mailto:tryan@siegeworksint.com]
    Sent: Thursday, October 20, 2005 1:15 AM
    To: secmail.lists@gmail.com
    Cc: pen-test@securityfocus.com
    Subject: Re: Recommended Web-Based Application Security Companies

    I am a firm believer in fair competition and due diligence when it comes
    to Pen Testing.
    I would suggest not looking for one company, but multiple companies.
    Have a formal RFP Process and evaluate vendors based on your company's
    criteria.

    A few companies I can speak for that have serious talent and some of
    which we are in constant competition with:
    SiegeWorks International http://www.siegeworksint.com
    NET2S http://www.net2s.com
    Foundstone (McAfee) http://www.foundstone.com
    @Stake (Symantec) http://www.atstake.com
    INS http://www.ins.com
    FishNET http://www.fishnetsecurity.com

    Thomas Ryan
    Senior Security Consultant
    SiegeWorks International
    tom@siegeworksint.com
    http://www.siegeworksint.com

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------
