[SASAG] Web site pen test/source review

macker macker at gmail.com
Fri Jul 25 00:01:34 PDT 2008 

For the amount they charge, they better also give you a happy ending ;)

On Thu, Jul 24, 2008 at 10:55 PM, Lamont Granquist <lamont at scriptkiddie.org>
wrote:

>
> Core does way more than just run impact on your boxes.
>
>
> On Thu, 24 Jul 2008, macker wrote:
>
>> If you want someone to break in, I'll do it for free dude.
>>
>> Core makes an awesome product, impact. Why hire core when you can just
>> find
>> a contractor who is well versed in their product and has a copy? Save
>> triple
>> the cost. They come in, and run core impact. I don't see how thats good
>> advice to shell out.
>>
>> The people not rich enough to afford core use metasploit. If being about 7
>> days behind the latest payloads is not an issue, and as stated, PCI /
>> other
>> compliance is not an issue, I would go with a private contractor if all
>> your
>> doing is testing your weakness, unless you want to shell out 20k.
>>
>> If that is your 'ballpark', then IO is a good choice.
>>
>> On Thu, Jul 24, 2008 at 4:53 PM, Lamont Granquist <
>> lamont at scriptkiddie.org>
>> wrote:
>>
>>
>>> if you actually want people who will break into your systems and not just
>>> write up documentation to make regulators happy, i'd recommend:
>>>
>>> http://www.coresecurity.com/
>>>
>>> if you're just trying to pass audits and don't really care, then they're
>>> probably not ideal.
>>>
>>> On Thu, 24 Jul 2008, Scott McDermott wrote:
>>>
>>>> Can anyone recommend anyone that does web site penetration
>>>> testing/source code review?
>>>>
>>>> --
>>>> Scott McDermott
>>>> _______________________________________________
>>>> Members mailing list
>>>> Members at lists.sasag.org
>>>> http://lists.sasag.org/mailman/listinfo/members
>>>>
>>>>  _______________________________________________
>>> Members mailing list
>>> Members at lists.sasag.org
>>> http://lists.sasag.org/mailman/listinfo/members
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sasag.org/pipermail/members/attachments/20080725/8615c509/attachment.html>

More information about the Members mailing list