Geekzone: technology news, blogs, forums




3439 posts

Uber Geek
+1 received by user: 435

Trusted

Topic # 205321 8-Nov-2016 20:15

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.






398 posts

Ultimate Geek
+1 received by user: 108


  Reply # 1666191 9-Nov-2016 08:36

Depends on how much you want to pay. I've heard good things about Trustwave's service (and they're my competitor, sort of). What I liked is that they did a more active probe (ethical hack) for actual relevant results.

 

Most of the others seem to use freebie versions of Nessus with very passive scanning which drives me nuts as it usually comes back with all sorts of false results. Essentially it takes a guess at what is running / what libraries are being used and references that against a database of vulnerabilities.


2531 posts

Uber Geek
+1 received by user: 940

Subscriber

  Reply # 1666194 9-Nov-2016 08:41

I've had dealings with security-assessment.com, Lateral Security, and Insomnia Security over the years, and they've always been positive experiences.


 
 
 
 


250 posts

Master Geek
+1 received by user: 123

Lifetime subscriber

  Reply # 1666195 9-Nov-2016 08:44

You could look at companies on the Government procurement "ICT Security and Related Services" Panel - Aura is there amongst quite a few others, some of which my organisation has used to perform vulnerability assessments including penetration testing. See https://www.ict.govt.nz/services/show/SRS-Panel


467 posts

Ultimate Geek
+1 received by user: 83


  Reply # 1666266 9-Nov-2016 09:13

I highly recommend Insomnia Security, we've used them for years.


130 posts

Master Geek
+1 received by user: 59


  Reply # 1666299 9-Nov-2016 09:55

+1 for Insomnia.

 

 


3579 posts

Uber Geek
+1 received by user: 2043

Trusted
Lifetime subscriber

  Reply # 1666819 9-Nov-2016 19:14

We've used Security Assessments at work, and they seemed fairly competent. As a bonus, they are part of Dimension Data, who most IT shops of any size in NZ probably already do business with.

 

I've also met/talked to some of the Lateral security folks at the Christchurch ISIG meetups and they seem like cool people too, but haven't used them professionally. 

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.


14432 posts

Uber Geek
+1 received by user: 2653

Trusted
Subscriber

  Reply # 1666862 9-Nov-2016 20:39

Aura are excellent.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


Mr Snotty
8305 posts

Uber Geek
+1 received by user: 4274

Moderator
Trusted
Lifetime subscriber

  Reply # 1667033 9-Nov-2016 23:25

I've used Lateral security before and they were great. Also deal with Insomnia who are pretty good.





126 posts

Master Geek
+1 received by user: 4
Inactive user


  Reply # 1696476 30-Dec-2016 12:11

Zeon:

 

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.

 

 

Aura, Lateral, SA, Insomnia, and several others. Most of the folks know one another real well. It's a very small and tight community of people. Most are quite good while some are much better than others. Go to a 1st Tuesday's gathering on the 1st Tuesday of every month. It's sponsored through DUO.CO.NZ in both Auckland and Wellington. There's also the ISIG community that meet fairly regularly. It won't take long to separate out the ones you believe will meet your needs.

 

Worst-case scenario is you put Kali Linux on a laptop or live USB and learn some of the basics yourself. Obviously, I would strongly advise against pen-testing your production site if you're completely green :) Yeah, nah.. not the best approach to learning unless you're a glutton for punishment.

 

If you have needs for specific types of pen-testing, drop me a private message and I'll offer an opinion on who I believe fits in the pecking order of skill sets.

