Security/Pen-Test companies.

Discussion in 'Off Topic' started by Pope Viper, Oct 12, 2011.

  1. Pope Viper

    Pope Viper Well-Known Member

    My company recently hired a company to do some security analysis and pen-test work for us, and the results were less than satisfactory.

    Any of you folks who work for mid-large sized companies able to recommend anyone?
  2. ManagerJosh

    ManagerJosh Well-Known Member

    Sent you a Message Pope.
  3. Pope Viper

    Pope Viper Well-Known Member

    Got it, responded back.
  4. jonsidneyb

    jonsidneyb Well-Known Member

    What is a security pen test?

    Going to Google to see what I can find.
  5. jonsidneyb

    jonsidneyb Well-Known Member

    Ah, penetration test.
  6. ManagerJosh

    ManagerJosh Well-Known Member

    soooo anyone need a pen test/network vulnerability assessment done? :D? :D :D :p
  7. tenants

    tenants Well-Known Member

    Yeah, from experience, the security companies that I know of, hired by large corporates that I have worked for, didn't know their arse from their elbow... it's shocking

    If they say they can make you 100% secure, don't trust them

    Often the really good penetration testers are ones that have been unemployed for a while and hacked around (self trained), and then trained in house too

    I've no recommendations (I do have a few, but they are full time employed), but if they only run a few tools (paros / wireshark / burp / nmap...) and then hand over your results within a few days, you've not been given a thorough test. (don't get me wrong, I love those tools for quick results, but they only skim the surface)

    Before hiring, I would ask for a list of projects they've worked on and confirm this with their previous employer... but even then, I think security companies are often a shame (they seem to be backward thinking in security and forward thinking in certificates and ticking boxes). I've seen self-trained individuals get the job done much more thoroughly

    My 2 Pence: Don't hire security companies/agencies, hire security testers with a track record (or train them in house if you have potential candidates).
  8. ManagerJosh

    ManagerJosh Well-Known Member

    A pet peeve of mine is people claiming to be pen testers but all they do is run Nessus :(. It bugs me. I don't claim for a second to do that. I put on a blackhat and try to invade networks with permission as loudly or as quietly as I can.

    It's why while I'm at Net Force, I do the real deal and hit as much as I can in the limited time I have.
  9. ceribik

    ceribik Active Member

    Try Offensive Security.