Full Disclosure mailing list archives
[Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- )
From: secreview <secreview () hushmail com>
Date: Mon, 17 Dec 2007 12:46:59 -0800 (PST)
We found Audit Serve, Inc., run by Mitchell H. Levine, by searching for "Penetration Testing" on Google. Audit Serve, Inc. offers, IS Auditing, Integrated Auditing, Sarbanes-Oxley Implementation Services, Sarbanes-Oxley Ongoing Compliance Services, PCI, Security andInternet Vulnerability Assessment & Penetration Testing Services.Our first impression of Audit Serve, Inc. was that they were a "rubber stamp of approval" shop that offers services that will do nothing to truly raise your proverbial security bar but will let you fill in your security checklist. This impression was made so quickly because of the $495.00 price quote on their main page. It reads "Internet Vulnerability Assessment & Penetration Testing starting at $495". (Just as an FYI, it is impossible to perform any human driven professional security services for that price. The cost of talent is simply too high.)When digging into their services we quickly realize that our initial impression of Audit Serve was accurate. They are in fact a "rubber stamp of approval" shop. Their security service deliverables appear to be the product of automated scanners (QualysGuard) and not the product of human talent. This also coincides with them being able to offer "Internet Vulnerability Assessment & Penetration Testing" services starting at $495, as no human element is incorporated into the deliverable based on what we saw.If you do not care about the security of your IT Infrastructure, and only want to get the "rubber stamp of approval" then Audit Serve, Inc. is your one stop shop. If on the other hand you do care about the security of your IT infrastructure, then we'd suggest finding a different provider.Grade Note:We're giving Audit Serve an F- for two reasons. The first reason is that they appear to be in the Information Security business to make a buck by providing people with the "rubber stamp of approval". In doing so they are actually doing a disservice to the IT community, and the IT Security Community. The second reason why we are giving them an F- is because their security services appear to use no human element and rely strictly on automated scanning (QualysGuard). If you feel that this grade is too harsh, let us know. -- Posted By secreview to Professional IT Security Providers - Exposed at 12/17/2007 10:28:00 AM
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- ) secreview (Dec 17)