Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3499 posts

Uber Geek

Trusted

# 205321 8-Nov-2016 20:15
Send private message

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.





Speedtest 2019-10-14


Create new topic
436 posts

Ultimate Geek
Inactive user


  # 1666191 9-Nov-2016 08:36
Send private message

Depends on how much you want to pay. I've heard good things about Trustwaves service (and they're my competitor sort of). What I liked is that they did a more active probe (ethical hack) for actual relevant results.

 

Most of the others seem to use freebie versions of Nessus with very passive scanning which drives me nuts as it usually comes back with all sorts of false results. Essentially it takes a guess at what is running / what libraries are being used and references that against a database of vulnerabilities.


2543 posts

Uber Geek


  # 1666194 9-Nov-2016 08:41
Send private message

I've had dealings with security-assessment.com, Lateral Security, and Insomnia Security over the years, and always been positive experiences.


 
 
 
 


475 posts

Ultimate Geek

Lifetime subscriber

  # 1666195 9-Nov-2016 08:44
Send private message

You could look at companies on the Government procurement "ICT Security and Related Services" Panel - Aura is there amongst quite a few others, some of which my organisation has used to perform vulnerability assessments including penetration testing. See https://www.ict.govt.nz/services/show/SRS-Panel


478 posts

Ultimate Geek


  # 1666266 9-Nov-2016 09:13
Send private message

I highly recommend Insomnia Security, we've used them for years.


130 posts

Master Geek


  # 1666299 9-Nov-2016 09:55
Send private message

+1 for Insomnia.

 

 


3909 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1666819 9-Nov-2016 19:14
Send private message

We've used Security Assesments at work, and they seemed fairly competent. As a bonus they are part of Dimension Data who most IT shops of any size in NZ probably already do business with.

 

I've also met/talked to some of the Lateral security folks at the Christchurch ISIG meetups and they seem like cool people too, but haven't used them professionally. 

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.


15352 posts

Uber Geek

Trusted
Subscriber

  # 1666862 9-Nov-2016 20:39
Send private message

Aura are excellent.


 
 
 
 


Mr Snotty
8920 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1667033 9-Nov-2016 23:25
Send private message

I've used Lateral security before and they were great. Also deal with Insomnia who are pretty good.





126 posts

Master Geek
Inactive user


  # 1696476 30-Dec-2016 12:11
Send private message

Zeon:

 

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.

 

 

Aura, Lateral, SA, Insomnia, and several others.  Most of the folks know one another real well.  It's a very small, and tight community of people.  Most are quite good while some are much better than others.  Go to a 1st Tuesday's gather on the 1st Tuesday of every month.  It's sponsored through DUO.CO.NZ in both Auckland and Wellington.  There's also the ISIG community that meet fairly regularly.  It won't take long to separate out the ones you believe will meet your needs.

 

Worse case scenario is you put Kali Linux on a laptop or live USB and learn some of the basics yourself.  Obviously, I would strongly advise against pen-testing your production site if you're completely green :)  Yeah, nah.. not the best approach to learning unless you're a glutton for punishment.

 

If you have needs for specific types of pen-testing, drop me a private message and I'll offer an opinion on who I believe fits in the pecking order of skill sets.


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27


D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.