Re: 3rd party vuln assesment firms

From: neal wise <neal.wise@xxxxxxxxxxxxxxxx>
Date: Sun, 25 Dec 2005 13:21:47 +1100


On 24/12/2005, at 7:14 AM, Ivan Arce wrote:

I would summarize (from a provider's perspective) the msot important
things as follows:
- A well-defined defined scope
- A well-prepared action plan including all the relevant points of
contact with the customer and an agreed-upon way to communicate with
them. They should be aware that the assessment will take place during
weeks X-Y and they'll need to get involved.
- A precise timeframe and work schedule.
- A follow-up plan to act on the results.

Hi,

I agree with Ivan's points here. These kinds of issues occur so regularly for us with clients that we put a presentation together to illustrate how mistakes cost them money and review opportunity:

http://www.assurance.com.au/resources/presentations/Maximizing-the- benefits-of-VA.pdf

Our point is that the last thing we want is for these kinds of mistakes to prevent more thorough assessment from occurring. It's their resources (money, time) that's being wasted.

regards,

Neal
___________
Neal Wise CISSP CISA - neal.wise[at]assurance.com.au
PGP: 1DAA 1F81 EE57 F975 BA41  5BBA 7C38 F9F0 522D F20E

------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

References:
- Re: 3rd party vuln assesment firms
  - From: Erin Carroll
- Re: 3rd party vuln assesment firms
  - From: Ivan Arce

Prev by Date: Re: IPS Comparison
Next by Date: RE: 3rd party vuln assesment firms
Previous by thread: Re: 3rd party vuln assesment firms
Next by thread: Re: 3rd party vuln assesment firms
Index(es):
- Date
- Thread

Relevant Pages

Re: IPS Comparison
... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ... Check your website for ... Cross site scripting and other web attacks before ...
(Pen-Test)
RE: Pre-Scanning for Marketing
... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ... Check your website for ... Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: Rainbowtables for WPA PSK?
... Hackers are concentrating their efforts on attacking ... Up to 75% of cyber attacks are launched on shopping ... Check your website ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: Correlating an IP address with a phone number
... Check your website for vulnerabilities ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: looking for tools/scripts to clean up unused AD accounts
... Post this on the activedirectory listserve..topics like these get asked all the time.... ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ... Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)