
Penetration Testing

scud

Senior Member
Joined
Sep 1, 2005
Messages
765
#1
Can anyone recommend a local company that does penetration testing, gap assessment, etc.?
Thanks
 

scud

Senior Member
Joined
Sep 1, 2005
Messages
765
#3
And just pen testing? KPMG sounds a bit expensive.
Just need to pen test one of our servers for compliance; there must be someone local who offers this service.
I have googled, and there are a few, but I would really like a recommendation.
 

OCP

Expert Member
Joined
Jan 23, 2014
Messages
2,155
#4
You asked who did - you didn't ask if they were cheap ;-)

I know of a few more - will give details tomorrow when back at my desk.
 
Joined
Aug 8, 2017
Messages
763
#5
Sensepost

Their reports were very good the last time I was involved with a product they tested. On the other hand, another company that I thought was more finance oriented (I don't remember who) gave some pretty generic and overall useless recommendations.
 

@udiS3

Well-Known Member
Joined
Feb 4, 2008
Messages
499
#7
Sensepost - they are good.

If you have some technical skill within your organisation, run a few open source scan tools against the server and app beforehand. This will allow you to fix a lot of the issues and save a lot of money before getting a vendor involved.

Nessus/OpenVAS - check the server.

OWASP Zap - check the web application.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,191
#12
You just want to look at one server? Is this server domain joined? What other systems communicate with that server? You may want to do a full penetration test on the network. Do you want a penetration test or just a compliance review? Those are two different things. Depending on what type of compliance testing you want done, I am sure Nessus can do it. Nessus uses the CIS benchmarks https://www.cisecurity.org/cis-benchmarks/ so if your OS is Microsoft Windows 2012 R2, for example, there are level 1 and 2 benchmarks for that.
 
Joined
Jun 20, 2007
Messages
6
#17
No offence taken. :) Many get SACS.co.za confused with SACS.ac.za, the school in the Cape.
It is also important to understand the difference between some large companies selling a PenTest dressed up as a Vulnerability Assessment. Lots of manual processes are required.

Regards
Mervin
 

EMAM

Executive Member
Joined
Nov 16, 2012
Messages
8,277
#19
Every time I see this topic come up in my threads, I'm soooooooo tempted.....

But I'll behave!

Anyway, clickbait title
 

DMNknight

Expert Member
Joined
Oct 17, 2003
Messages
2,294
#20
And just pen testing? KPMG sounds a bit expensive.
Just need to pen test one of our servers for compliance; there must be someone local who offers this service.
I have googled, and there are a few, but I would really like a recommendation.
You can't really take this approach. The really good hackers will use anything and everything to try and get into your server if they are determined enough.
Therefore not only physical security, but also the security of the technology components that surround the server, is of paramount importance.

Also, you need a team of specialists, rather than just a single person. People think differently from each other, so it's best to get a team of people that will try a variety of methods to breach, which the others have possibly not thought of.

This is not a small exercise, where you can target a single server and say "we're safe". That's a placebo effect and won't have the result you're actually looking for.
 