Penetration Testing

you've asked a very very wide open question. what are you wanting to have pen tested? a host? a network? a whole environment? there are 'automated' pen tests where people will just poke a load of scripts at stuff to find 'known' vulnerabilities, and then there are proper pen tests where people get involved.

more info required...!
 
I'm a bit wary of web-based pen tests and whether I should trust them or not

I think just testing our network from the outside world is enough, part of some policies that we need to comply with say that we should do penetration testing
 
not sure i would really be comfortable using one of these online remote test things...dependent upon what you are wanting to have tested and the business you are in i guess. we have quarterly pen tests done for internet facing stuff, and then if we have requirements for additional stuff to be tested more thoroughly we get them in to do it. i'm always looking for feedback in terms of technical risk, but also business risk as well.
 
yeah we have a couple of internet facing bits that would need testing

atomiser, I share your concerns about online tests

What sort of price do your quarterly tests cost?
 
not sure on costs, i don't get involved in the financial side of things. all i know is they were considerably cheaper than our existing supplier when we went out for tender. we have lots of internet facing stuff.

when we took them on they were called peapod, but they merged with gss in 2007. have a look on their website: http://www.gss.co.uk/corporate/index.gss?

we have also used irm a couple of times for a vmware and a wireless pen test. have a look at their website: http://www.irmplc.com/
 
Are you sure you want a pen test or just a vulnerability test? Cost isn't that huge. A good company is MWR security.
 
As above, pen testing and vulnerability assessments are very different (or at least, they should be!). As a general rule of thumb you shouldn't have to pay more than £100 per IP for a VA and £500 per IP for a pen test but it depends greatly on what is being tested.

We used to partner with Peapod but I found they were a bit pushy with flogging their other services but that might have improved since the merger with GSS. We have used Matta consulting who were very good and we also work with Randomstorm and have had very good feedback on them too.
 
For perspective, we pay £1000s per day of penetration tests. We get a bunch of smart guys (from QinetiQ or KPMG) in and brief them fully on the architecture that we want testing. Then they go nuts on the application and the infrastructure. They're very good to us, but we do send a lot of business their way.

It depends what you want from a pen test - if you want genuine confidence that what you've got is built well and not open to obvious or even marginally subtle attacks, then you'll pay $$$. If you want to tick in the box for the ISO man, just get your neighbour to run nmap.
 
I am doing a pen testing course this week actually - can get you the instructor's name if you want, I know he does pen testing (and is very good at teaching the subject as well - how fast you can get into a Windows box made me have an accident in me pants today!!)


edit:// Just remembered the name - 7safe.com
 