Re: Publishing Findings on Commercial Applications

Jezebel Ali dijo:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings Brother David MacDonald and other List member,

Thanks for response. I must admit that publishing finding makes no
sense, yet I look at it from point of view of helping other bank
and financial institutes to protect themselves. This findings may
save them money by helping do it themselves.

If that is your target, provide a report to your customer. He sure has some closed list he can e-mail your findings to. I know a number of banks that have very strong relationships and exchange IT security information between themselves, after all, they typically use similar products. If you customer is big enough he probably has those ties too.

If he doesn't, then you can still forward the report to *your* contacts in the bank industry instead of posting it in a publich list. Don't think that if you publish your findings in a public forum you will be read by banking industry members. Many of them will probably monitor some other (internal/non public) mailing lists or forums with a better signal/noise ratio.

Just my 2c.



Javier


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

Relevant Pages

  • Re: Looking for good Brute-Force Web form auditing tool
    ... We just finished an eval between Appscap, Webinspect, and Cenzic Hailstorm (ironically, they're the current sponsor for the pen-test mailing list, so just check out the footer of the email for their urls). ... If you're not familiar with linux and want to try Hydra, look into any one of the many linux security distros on a CD. ... use word lists, ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Cantor K.O.d -- again!
    ... demonstrating why "infinite" lists are logically impossible. ... the m_th symbol of the n_th list member is a circle with m dots ... the first list member has one symbol: a circle with one dot ...
    (sci.math)
  • Cantor K.O.d -- again!
    ... demonstrating why "infinite" lists are logically impossible. ... the m_th symbol of the n_th list member is a circle with m dots ... the first list member has one symbol: a circle with one dot ...
    (sci.logic)
  • RE: passw0rd trial limit
    ... There are many "Default Password Lists" on the internet that are fairly ... compiled a personal list of passwords that I've run across. ... managed service can help you: http://www.cenzic.com/news_events/wpappsec.php ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Pentester convicted thread
    ... dcstuff at attrition.org or other mailing lists are more appropriate ... If there is a security issue with it I'm sure that SecurityFocus would ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)