Network Security: Detailed info on RE: Recommended Web-Based Application Security Companies

Subject:	RE: Recommended Web-Based Application Security Companies
Date:	Thu, 20 Oct 2005 09:51:00 -0500

So what makes one company stand apart from another company? 
Price? Talent? 

How do the deliverable reports vary from each company? 

To me one aspect that is very important is the reporting process...  too
often the reports are based on tool printouts.

For instance-  I'm really impressed with the tool "Core Impact" for
ease-of-use in rapid penetrations... But doesn't that take a little out
of the entire process?  I can see where it makes the bottom line better
with rapid turn-over on engagements but it seems to take out too much of
the hands on aspect of it...  

But again-- I do this work because I have a passion for it.. not for the
bottom line :)

-JP



-----Original Message-----
From: Thomas Ryan [mailto:tryan@siegeworksint.com] 
Sent: Thursday, October 20, 2005 1:15 AM
To: secmail.lists@gmail.com
Cc: pen-test@securityfocus.com
Subject: Re: Recommended Web-Based Application Security Companies

I am a firm believer in fair competition and due diligence when it comes
=
to Pen Testing.
I would suggest not looking for one company, but multiple companies. 
Have a formal RFP Process and evaluate vendors based on your company's
cr=
iteria.

A few companies I can speak for that have serious talent and some of
whic= h
we are in constant competition with:
SiegeWorks International http://www.siegeworksint.com
NET2S http://www.net2s.com 
Foundstone (McAfee) http://www.foundstone.com
@Stake (Symantec) http://www.atstake.com
INS http://www.ins.com
FishNET http://www.fishnetsecurity.com


Thomas Ryan
Senior Security Consultant
SiegeWorks International
tom@siegeworksint.com
http://www.siegeworksint.com



------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on
your 
website. Up to 75% of cyber attacks are launched on shopping carts,
forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are 
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Recommended Web-Based Application Security Companies, secmail . lists Re: Recommended Web-Based Application Security Companies, Kurt Keys Re: Recommended Web-Based Application Security Companies, Thomas Ryan RE: Recommended Web-Based Application Security Companies, Josh Perrymon <= RE: Recommended Web-Based Application Security Companies, Dhruv Soi Re: Recommended Web-Based Application Security Companies, secmail4karen

Previous by Date:	RE: Foundry Routers and Switches, Josh Perrymon
Next by Date:	RE: Tools/Software Toolkits, Steve Blackman
Previous by Thread:	Re: Recommended Web-Based Application Security Companies, Thomas Ryan
Next by Thread:	RE: Recommended Web-Based Application Security Companies, Dhruv Soi
Indexes:	[Date] [Thread] [Top] [All Lists]