scud
Expert Member
Can anyone recommend a local company that does penetration testing , GAP assessment etc ?
Thanks
Thanks
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: Which is the most hair-raising South African mountain pass you've driven?
Penetration Testing
- Thread starter scud
- Start date
scud
Expert Member
Barbarian Conan
Executive Member
Sensepost
Their reports were very good last time I was involved with a product they tested it. On the other hand, another company that I thought was more finance oriented (I don't remember who), gave some pretty generic and overall useless recommendations.
Their reports were very good last time I was involved with a product they tested it. On the other hand, another company that I thought was more finance oriented (I don't remember who), gave some pretty generic and overall useless recommendations.
Sensepost - Highly trained security guys, and nice too.
Sensepost - they are good.
If you have some technical skill within your organisation - run a few open source scan tools against the server and app before hand. This will allow you to fix a lot of the issues and save a lot of money before getting a vendor involved.
Nessus/OpenVAS - check the server.
OWASP Zap - check the web application.
If you have some technical skill within your organisation - run a few open source scan tools against the server and app before hand. This will allow you to fix a lot of the issues and save a lot of money before getting a vendor involved.
Nessus/OpenVAS - check the server.
OWASP Zap - check the web application.
scud
Expert Member
Thanks all 
Ouch
Mervin is a great guy with tons of experience.
ActivateD
Expert Member
You just want to look at one server? Is this server domain joined? What other systems communicate to that server? you may want to do a full penetration test on the network. Do you want a penetration test or just a compliance review? Those are two different things. Depending on what type of compliance testing you want done I am sure Nessus can do it. Nessus uses the CIS benchmarks https://www.cisecurity.org/cis-benchmarks/ so if your OS is Microsoft Windows 2012 R2 for example there there level 1 and 2 benchmarks for that.
Apologies, I took this as a reference to the swimming coach at a boys' school....
Me too lol
Hahaha, yeah I'm sure there's lot of "pen testing" at SACS the school too
newby_investor
Executive Member
I know a couple of people that work here:
https://www.mwrinfosecurity.com/contact/
Not sure about whether or not they're cheap, but as far as I'm aware they're pretty good.
https://www.mwrinfosecurity.com/contact/
Not sure about whether or not they're cheap, but as far as I'm aware they're pretty good.
MervinPearce
New Member
- Joined
- Jun 20, 2007
- Messages
- 6
- Reaction score
- 0
No offence taken. Many get SACS.co.za confused with SACS.ac.za School in the Cape
It is important to understand the difference also between some large companies selling PenTest dressed in Vulnerability Assessment. Lots of manual processes are required.
Regards
Mervin
Many get SACS.co.za confused with SACS.ac.za School in the CapeIt is important to understand the difference also between some large companies selling PenTest dressed in Vulnerability Assessment. Lots of manual processes are required.
Regards
Mervin
You can't really take this approach. The really good hackers will use anything and everything to try and get into your server if they are determined enough.
Therefore not only is physical security, but the security of the technology components that surround the server, of paramount importance.
Also, you need a team of specialists, rather than just a single person. People think differently from each other, so it's best to get a team of people that will try a variety of methods to breach, which the others have possibly not thought of.
This is not a small exercise, where you can target a single server and say "we're safe". That's a placebo effect and won't have the result you're actually looking for.