Geekzone: technology news, blogs, forums


Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#205321 8-Nov-2016 20:15

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.





vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #1666191 9-Nov-2016 08:36

Depends on how much you want to pay. I've heard good things about Trustwave's service (and they're my competitor, sort of). What I liked is that they did a more active probe (ethical hack) for actual relevant results.

 

Most of the others seem to use freebie versions of Nessus with very passive scanning which drives me nuts as it usually comes back with all sorts of false results. Essentially it takes a guess at what is running / what libraries are being used and references that against a database of vulnerabilities.




Inphinity
2780 posts

Uber Geek
+1 received by user: 1184


  #1666194 9-Nov-2016 08:41

I've had dealings with security-assessment.com, Lateral Security, and Insomnia Security over the years, and they've always been positive experiences.


PolicyGuy
1820 posts

Uber Geek
+1 received by user: 1769

ID Verified
Lifetime subscriber

  #1666195 9-Nov-2016 08:44

You could look at companies on the Government procurement "ICT Security and Related Services" Panel - Aura is there amongst quite a few others, some of which my organisation has used to perform vulnerability assessments including penetration testing. See https://www.ict.govt.nz/services/show/SRS-Panel




Noodles
487 posts

Ultimate Geek
+1 received by user: 95


  #1666266 9-Nov-2016 09:13

I highly recommend Insomnia Security, we've used them for years.


spearsniper
133 posts

Master Geek
+1 received by user: 65


  #1666299 9-Nov-2016 09:55

+1 for Insomnia.

 

 


Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #1666819 9-Nov-2016 19:14

We've used Security Assessments at work, and they seemed fairly competent. As a bonus, they are part of Dimension Data, who most IT shops of any size in NZ probably already do business with.

 

I've also met/talked to some of the Lateral Security folks at the Christchurch ISIG meetups and they seem like cool people too, but haven't used them professionally.

 

 





timmmay
20858 posts

Uber Geek
+1 received by user: 5350

Trusted
Lifetime subscriber

  #1666862 9-Nov-2016 20:39

Aura are excellent.


michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1667033 9-Nov-2016 23:25

I've used Lateral Security before and they were great. Also deal with Insomnia, who are pretty good.







JimsonWeed
126 posts

Master Geek
+1 received by user: 4
Inactive user


  #1696476 30-Dec-2016 12:11

Zeon:

 

Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.

 

 

Aura, Lateral, SA, Insomnia, and several others. Most of the folks know one another real well. It's a very small and tight community of people. Most are quite good while some are much better than others. Go to a 1st Tuesday's gathering on the 1st Tuesday of every month. It's sponsored through DUO.CO.NZ in both Auckland and Wellington. There's also the ISIG community that meet fairly regularly. It won't take long to separate out the ones you believe will meet your needs.

 

Worst case scenario is you put Kali Linux on a laptop or live USB and learn some of the basics yourself. Obviously, I would strongly advise against pen-testing your production site if you're completely green :) Yeah, nah... not the best approach to learning unless you're a glutton for punishment.

 

If you have needs for specific types of pen-testing, drop me a private message and I'll offer an opinion on who I believe fits in the pecking order of skill sets.

