Penetration Testing mailing list archives
RE: Application Assessment
From: Michael Gargiullo <mgargiullo () pvtpt com>
Date: Fri, 12 Aug 2005 23:25:00 -0400
<SNIP>
If you go with a vendor, ask for a demo, preferably a demo scan of one of your own servers. Then, you can choose the product/service that gives you the best, most useful, results.
<SNIP>

Tom gave some great tips.

The company I'm with specializes in security auditing. The amount of time that goes into an application assessment can vary greatly. It's also wise to take a multi-pronged approach. Think about it like this: why break into your application, when I can break your database server or web server in a quarter of the time?

A sample vulnerability scan of your servers is quick and easy for a company to do. A thorough test of your application is not. Automated tools will only go so far, as no computer can think like a human, or have the ingenuity of a determined attacker.

To better gauge a security company, ask for a few sample reports. See how they operate, check out their methodology. Ask hard questions, and expect real answers.

I hope this helps more than it hinders you in your search.

Oh... Also check out F5's Application Firewall... truly a cool device designed to scan your app for vulnerabilities, then protect against malicious people.

-Mike