[SASAG] Web site pen test/source review
macker at gmail.com
Fri Jul 25 00:01:34 PDT 2008
For the amount they charge, they better also give you a happy ending ;)
On Thu, Jul 24, 2008 at 10:55 PM, Lamont Granquist <lamont at scriptkiddie.org>
> Core does way more than just run impact on your boxes.
> On Thu, 24 Jul 2008, macker wrote:
>> If you want someone to break in, I'll do it for free dude.
>> Core makes an awesome product, impact. Why hire core when you can just
>> a contractor who is well versed in their product and has a copy? Save
>> the cost. They come in, and run core impact. I don't see how thats good
>> advice to shell out.
>> The people not rich enough to afford core use metasploit. If being about 7
>> days behind the latest payloads is not an issue, and as stated, PCI /
>> compliance is not an issue, I would go with a private contractor if all
>> doing is testing your weakness, unless you want to shell out 20k.
>> If that is your 'ballpark', then IO is a good choice.
>> On Thu, Jul 24, 2008 at 4:53 PM, Lamont Granquist <
>> lamont at scriptkiddie.org>
>>> if you actually want people who will break into your systems and not just
>>> write up documentation to make regulators happy, i'd recommend:
>>> if you're just trying to pass audits and don't really care, then they're
>>> probably not ideal.
>>> On Thu, 24 Jul 2008, Scott McDermott wrote:
>>>> Can anyone recommend anyone that does web site penetration
>>>> testing/source code review?
>>>> Scott McDermott
>>>> Members mailing list
>>>> Members at lists.sasag.org
>>> Members mailing list
>>> Members at lists.sasag.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Members