Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.
Depends on how much you want to pay. I've heard good things about Trustwave's service (and they're my competitor sort of). What I liked is that they did a more active probe (ethical hack) for actual relevant results.
Most of the others seem to use freebie versions of Nessus with very passive scanning which drives me nuts as it usually comes back with all sorts of false results. Essentially it takes a guess at what is running / what libraries are being used and references that against a database of vulnerabilities.
I've had dealings with security-assessment.com, Lateral Security, and Insomnia Security over the years, and they've always been positive experiences.
You could look at companies on the Government procurement "ICT Security and Related Services" Panel - Aura is there amongst quite a few others, some of which my organisation has used to perform vulnerability assessments including penetration testing. See https://www.ict.govt.nz/services/show/SRS-Panel
I highly recommend Insomnia Security, we've used them for years.
+1 for Insomnia.
We've used Security Assessments at work, and they seemed fairly competent. As a bonus they are part of Dimension Data who most IT shops of any size in NZ probably already do business with.
I've also met/talked to some of the Lateral security folks at the Christchurch ISIG meetups and they seem like cool people too, but haven't used them professionally.
Aura are excellent.
I've used Lateral security before and they were great. Also deal with Insomnia who are pretty good.
Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.
Zeon:
Does anyone have any experience with penetration testing providers? This is mainly for a web app. I know of Aura in NZ but wanted to see if anyone had any recommendations or experience from either NZ or international providers.
Aura, Lateral, SA, Insomnia, and several others. Most of the folks know one another real well. It's a very small, and tight community of people. Most are quite good while some are much better than others. Go to a 1st Tuesday's gather on the 1st Tuesday of every month. It's sponsored through DUO.CO.NZ in both Auckland and Wellington. There's also the ISIG community that meet fairly regularly. It won't take long to separate out the ones you believe will meet your needs.
Worst case scenario is you put Kali Linux on a laptop or live USB and learn some of the basics yourself. Obviously, I would strongly advise against pen-testing your production site if you're completely green :) Yeah, nah.. not the best approach to learning unless you're a glutton for punishment.
If you have needs for specific types of pen-testing, drop me a private message and I'll offer an opinion on who I believe fits in the pecking order of skill sets.