Security/Pen-Test companies.

Pope Viper

Pope Viper

Well-known member
My company recently hired a company to do some security analysis and pen-test work for us, and the results were less than satisfactory.

Any of you folks who work for mid-large sized companies able to recommend anyone?
 
Yeah, from experience, the security companies that I know of, hired by large coperates that I have worked for didn't know their arse from their elbow... it's shocking

If they say they can make you 100% secure, don't trust them

Often the really good penetration testers are ones that have been unemployed for a while and hacked around (self trained), and then trained in house too

I've no recommendations (I do have a few, but they are full time employed), but if they only run a few tools (paros / wireshark / burp /nmap... ) and then hand over your results with a few days, you've not been given a thorough test. (don't get me wrong, I love those tools for quick results, but they only skim the surface)

Before hiring, I would ask for a list of projects they've worked on and confirm this with their previous employer... but even then, I think security companies are often a shame (they seem to be backward thinking in security and forward thinking in certificates and ticking boxes), I've seen self trained individuals get the job done much more thoroughly

My 2 Pence: Don't hire security companies/agencies, hire security testers with a track record (or train them in house if you have potential candidates).
 
tenants said:
Yeah, from experience, the security companies that I know of, hired by large coperates that I have worked for didn't know their arse from their elbow... it's shocking

If they say they can make you 100% secure, don't trust them

Often the really good penetration testers are ones that have been unemployed for a while and hacked around (self trained), and then trained in house too

I've no recommendations (I do have a few, but they are full time employed), but if they only run a few tools (paros / wireshark / burp /nmap... ) and then hand over your results with a few days, you've not been given a thorough test. (don't get me wrong, I love those tools for quick results, but they only skim the surface)

Before hiring, I would ask for a list of projects they've worked on and confirm this with their previous employer... but even then, I think security companies are often a shame (they seem to be backward thinking in security and forward thinking in certificates and ticking boxes), I've seen self trained individuals get the job done much more thoroughly

My 2 Pence: Don't hire security companies, hire security testers with a track record (or train them in house if you have potential companies).
Click to expand...

A pet peeve of mine is people claiming to be pen testers but all they do is run nessus :(. It bugs me. I don't claim for a second to do that. I put on a blackhat and try to invade networks with permission as loudly or as quietly as I can.

It's why while I'm at Net Force, I do the real deal and hit as much as I can in the limited time I have.
 

Similar threads

Fullmental
Dedicated server recommendations?
2 3
Replies
50
Views
4K
Vroomm
V
digitalpoint
A search engine spider running on XenForo framework (iolabs.io)
Replies
0
Views
1K
digitalpoint
digitalpoint
MacSeah
Seeking Custom Add-on Developers - Mid-To-Long-Term Projects
Replies
8
Views
2K
FrancescoL
FrancescoL
Anomandaris
  • Question Question
Resources Rank Lower Than Threads - SEO Issue
Replies
4
Views
2K
Anomandaris
Anomandaris
B
Need Xenforo expert to help with v1.5 fiasco
Replies
8
Views
1K
Ozzy47
Ozzy47
Top Bottom