Penetration Testing?
-
See my post below :laugh: Just be sure that pen test != DDoS attack :D Last year we got some good results that helped us secure the system though. We even learned a thing or two in the process :) The costs depend on the size of your system. A coworker told me the pen test at his previous employer took three to four weeks (for a team of 2-4) and cost about €40.000,-. That was a big system. Our current pen test takes about a week and I don't know the costs involved.
Best, Sander arrgh.js - Bringing LINQ to JavaScript SQL Server for C# Developers Succinctly Object-Oriented Programming in C# Succinctly
Sander Rossel wrote:
Our current pen test takes about a week and I don't know the costs involved.
When the lawsuit's over, you should be at least a million up on the deal.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Sander Rossel wrote:
Our current pen test takes about a week and I don't know the costs involved.
When the lawsuit's over, you should be at least a million up on the deal.
I wanna be a eunuchs developer! Pass me a bread knife!
No one is suing anyone over a slow system. This isn't America :D
Best, Sander arrgh.js - Bringing LINQ to JavaScript SQL Server for C# Developers Succinctly Object-Oriented Programming in C# Succinctly
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
What you really want is a Vulnerability Assessment, which may or may not include a pen test. If they're insisting on that, it's fine, but a pen test alone will only give you specific details, not an actual overview of system vulnerabilities (and therefore a road map as to how to fix it). Just make sure it's an established security consultant (if they've been in business less than a year, move on) and that they hold a certain level of certification (SANS, CISSP, etc). Any consultant or service worth their salt should be able to provide references. If the client has a specific parameter for who they want, or what accreditation they hold, and they're really that big of a client, it's likely best to follow their model.
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
-
See my post below :laugh: Just be sure that pen test != DDoS attack :D Last year we got some good results that helped us secure the system though. We even learned a thing or two in the process :) The costs depend on the size of your system. A coworker told me the pen test at his previous employer took three to four weeks (for a team of 2-4) and cost about €40.000,-. That was a big system. Our current pen test takes about a week and I don't know the costs involved.
Best, Sander arrgh.js - Bringing LINQ to JavaScript SQL Server for C# Developers Succinctly Object-Oriented Programming in C# Succinctly
-
What you really want is a Vulnerability Assessment, which may or may not include a pen test. If they're insisting on that, it's fine, but a pen test alone will only give you specific details, not an actual overview of system vulnerabilities (and therefore a road map as to how to fix it). Just make sure it's an established security consultant (if they've been in business less than a year, move on) and that they hold a certain level of certification (SANS, CISSP, etc). Any consultant or service worth their salt should be able to provide references. If the client has a specific parameter for who they want, or what accreditation they hold, and they're really that big of a client, it's likely best to follow their model.
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
Benjamin - (I feel like a broken record here) - do you have any recommendations that have done good jobs for you? Thanks, David
-
Sander - If you can find out who gave you good results, I would love to hear from whom. David
Best I don't, they're the same people that DDoSed us yesterday :doh:
Best, Sander arrgh.js - Bringing LINQ to JavaScript SQL Server for C# Developers Succinctly Object-Oriented Programming in C# Succinctly
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
I have used several companies in the past most recently NCC (recommended) and Pentura. Both UK based. Costs approx £5-10,000 for a system with 2 web services, one web portal and an Android app. Main suggestion is to get them to include a "re-visit" of issues found once you think you have fixed them - there will be vulnerabilities :-D .
-
I have used several companies in the past most recently NCC (recommended) and Pentura. Both UK based. Costs approx £5-10,000 for a system with 2 web services, one web portal and an Android app. Main suggestion is to get them to include a "re-visit" of issues found once you think you have fixed them - there will be vulnerabilities :-D .
Thanks and great suggestion on having them revisit the site afterwards.
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
One of our large corporate clients had some organization do penetration testing for us a couple of years ago. Some good feedback, some crap. However, when it came to "o.k., who's going to pay for implementing all this?", nothing happened. I wonder what ever became of that information. So, before setting out on this, make sure that someone has the wherewithal to actually act upon the results, or don't waste time.
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
Ok, time to lower the tone 'cos this topic recently came up at work and I'm not allowed to do this in the office. Cue Eric Idle ... Penetration Testing? Nudge nudge. Know what I mean. Nods as good as a wink to blind budgerigar. Say no more squire. Say no more. (Nudge Nudge - Monty Python's Flying Circus - YouTube[^]
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
Ok, time to lower the tone 'cos this topic recently came up at work and I'm not allowed to do this in the office. Cue Eric Idle ... Penetration Testing? Nudge nudge. Know what I mean. Nods as good as a wink to blind budgerigar. Say no more squire. Say no more. (Nudge Nudge - Monty Python's Flying Circus - YouTube[^]
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
Got some initial prices for Pen Test from a vendor today. Looks like range of prices are: $ 2K - you do the work to get the application to comply $20K - They hand hold you to get the application to comply Some of the breakdowns are: $2500 / day for onsite testing - usually 3-5 days $8000 for code review. $2000 for subscription to Dynamic Scan of application for one year. Can be run as many times as required and includes 3hrs of support (total) $7000 for 3hrs per month of support. Hope this helps others looking.
-
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area? 1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road? We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
Paula Januszkiewicz is very good.
