woots with da pimping post ?

On Dec 14, 2007 3:49 PM, secreview <[EMAIL PROTECTED]> wrote:
> The Denim Group <http://www.denimgroup.com/service.html> located at
> http://www.denimgroup.com is a Security Services
> <http://www.denimgroup.com/service.html> Provider that focuses
> strictly on Web Application Security Services
> <http://www.denimgroup.com/service.html>. We asked them why they chose
> the name Denim Group <http://www.denimgroup.com/service.html> and they
> said that it was a marketing idea that enables them to stand out
> from the rest of the providers. (the name was actually thought up by a
> founders X wife) As it turns out, it was a good idea and it works! When we
> think Denim Group <http://www.denimgroup.com/service.html> the first thing
> that comes to mind is Clothing and what the hell does that have to do with
> Application Security? Can't forget the name and the total lack of
> correlation.
>
> Aside from the name, we are actually pleased with what we found when we
> reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we
> spoke with John Dickson we learned a lot about their methodology. We learned
> that the Denim Group <http://www.denimgroup.com/service.html> does use
> automated tools such as WebInspect to perform preliminary scans against
> target applications. They also use tools like Fortify to perform source code
> reviews. That being said, automation only covers about 20% of the workload
> for the services that they deliver.
>
> The remaining 80% of the workload is done by high talent Web Application
> Security Specialists that truly understand how to harden a Web Application.
> They not only look for the common issues like Cross Site Scripting (No
> Sacure, it's not called Cross-Site Shipping), Cross Site Request Forgery,
> Remote File Inclusion, etc. but they also look for logic issues and other
> types of design flaws.
>
> The Denim Group <http://www.denimgroup.com/service.html> does use tools to
> help them perform their manual testing, as do most worthy security
> providers. The tools that they use are special interception proxies that
> enable them to view and manipulate conversations between client and server,
> amongst other similar manually intensive tools. This enables the Denim
> Group <http://www.denimgroup.com> to truly impact the quality of their
> deliverables with strong manual testing.
>
> All in all, if you are looking for a provider to perform Web Application
> Security type services, we think that the Denim Group
> <http://www.denimgroup.com/service.html> is a great fit. If you are looking
> for a full service Professional Security Services shop, well you'll probably
> have to look somewhere else because they do not offer Network Penetration
> Testing Services, Vulnerability Assessments, etc. That being said we were so
> impressed with the Denim Group <http://www.denimgroup.com/service.html> and
> the caliber of their service offerings, that we decided to give them an
> A-. The only reason why they didn't get an A or an A+ is because they are
> technically not a full service shop. So, we recommend using the Denim
> Group, <http://www.denimgroup.com/> they kick ass!
>
> If you'd like to comment on this, please visit
> http://secreview.blogspot.com and post a comment. If you feel that this
> post is inaccurate, please let us know why and we'll consider your opinion
> for a review. Thanks for reading!
>
> --
> Posted By secreview to Professional IT Security Providers - Exposed
> <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007
> 12:13:00 PM
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
