Penetration Testing mailing list archives
Re: How to go about looking for a pen-tester
From: hellNbak <hellnbak () nmrc org>
Date: Sun, 3 Jun 2001 16:48:54 -0400 (EDT)
I have been reading with interest this list for a few weeks. Is there anything special that a customer should look for when choosing a pen tester? e.g., are there any certifications, associations, government agency that guarantee the pen-tester won't use the information learned to harm the network? Should the customer specify what is allowed and what is not allowed, or give the pen-tester a free hand to do his work? how about international agreements? Are there any websites recommending and rating pen-testers? Basically, what should a client do protect himself when asking a pen-tester to break in to his network.
First - all certifications mean is that someone read a book and managed to memorize enough of it to pass a test. Do not base your selection of Pen-Testers on only certifications. As far as agreements go, you would be wise to carefully read over any terms and conditions supplied by the company doing the tests. If there is anything in there you do not like or want added, speak up before you sign off on the proposal. If there isn't a terms and conditions - run like hell. The way I would choose a pen-testing or security consulting company would be by looking at their years in business, their experience, and their refferences. In my opinion - you are better off with an established, known company that can provide you with some good refferences. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend - I offend with my intent" hellNbak () nmrc org -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current thread:
- How to go about looking for a pen-tester Ershad Shafi Chowdhury (Jun 03)
- Re: How to go about looking for a pen-tester hellNbak (Jun 03)
- Re: How to go about looking for a pen-tester Etaoin Shrdlu (Jun 03)
- RE: How to go about looking for a pen-tester Kevin Timm (Jun 03)
- Re: How to go about looking for a pen-tester R. DuFresne (Jun 03)
- Summary: How to go about looking for a pen-tester Ershad Shafi Chowdhury (Jun 03)
- Re: Summary: How to go about looking for a pen-tester BrainSCAN (Jun 12)
- Re: How to go about looking for a pen-tester Etaoin Shrdlu (Jun 03)
- Re: How to go about looking for a pen-tester hellNbak (Jun 03)