Penetration testing

Hi All :)

A new client wants us to prove that their data is safe (fair enough!). It's available online through an SSL portal, but they want "Penetration testing" carried out. It's not something we've been asked for before, but we're happy to get it done as we have some high-profile clients so we obviously want their data to be safe.

Has anyone used a company to do the testing that can be recommended?

Thanks :)
 
Make sure you pick a good firm, and I hope this client is bringing you a lot of business, as any good pen test should take a good amount of time and a large amount of money.
 
Thanks both. We definitely want a reputable company. When doing tenders we're seeing increasingly complex requirements and we suspect this will be the first request of several so with luck we can spread the cost over several clients.
 
Vega.co.uk. They have worked with both private and government clients. I am not connected other than working with a client shown in their Case Study examples alongside some of their people.

They will of course check via HTTPS, but for a thorough job will likely need physical access to the servers.
 
I dunno when Qinetiq joined that CESG list but not that long ago they had a huge problem in the USA - information being accessed over wifi from underground carparks for example :). A lot of information is feared to have got into the hands of Chinese hackers via Qinetiq (not intentionally of course)
Worth a look but I wouldn't limit to this, companies IMO can get accredited by BS/ targeting the goals to achieve it. And CESG is a government org, probably flawed within itself :)
 
Make sure whoever answers phones in your support department doesn't just reset passwords without any idea of who's calling :p

Much easier to get someone to let you in than having to break in yourself.
 
Thanks again everyone :)

The site that will be undergoing the testing has its passwords reset by me - and I've even asked the MD of one of the largest housing associations in the country to prove it lol
 
First quote has come in at £3k so not too bad (it's only a small site). Just waiting for second quote.

Thanks peeps :)
 
Used http://www.nettitude.com several times. Also had one of their PenTesters out for a one-on-one to show me how a hacker will go about cracking a site, very informative. They also do social engineering with a very high success rate if you want to spend the money.
 