OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: How to pick the right company for penetration testing?

From: wjnorth (wjnorthearthlink.net)
Date: Wed Jan 28 2004 - 17:04:22 CST


Good catch there. In my opinion one can't rely on a single vulnerability
scanner, which is why I typically use 2 or 3, Nessus for open source then
some foo-foo commercial tool to validate and invalidate findings.
Additionally, depending on what you are testing, there are a ton of
application level scanners for Database, Web, App and such the like. There
is no "leader" in any area, at most each tool validates the other, I've yet
to rely solely on a single tool as the end-all-solution.

-Wes
Sr. Information Security Engineer

At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote:
>That's a bold statement "leader in the space." I don't believe there is a
>single leader in the penetration testing space, there are choices. Answering
>his question about credentials, information, references might be less
>subjective.
>
>Regards,
>
>Eric Greenberg
>Chief Technical Officer
>NetFrameworks, Inc.
>http://www.NetFrameworks.com
>
>-----Original Message-----
>From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
>[mailto:gideoninfostruct.net]
>Sent: Monday, January 26, 2004 9:03 PM
>To: pen-testsecurityfocus.com
>Cc: aoyt78dsl.pipex.com
>Subject: How to pick the right company for penetration testing?
>
>
>Andy,
>
>You should investigate vulnerability scanning services. The leader in the
>space is Qualys
>
> >>>>>>>>>>>>>>>>>>>>> the poster's original question
>I'm in a position to recommend a company and would like to know, what
>credentials/information/references should I ask for from a company who
>offers such services.
>
>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------