Dear Niklas,
(my mail got stuck on friday, so here i just re-send).
unfortunately (me personally) does not have any experience with
hackertarget.com,
therefore i can not offer you any insights there. But i'd like to get
back to your
request and maybe we have a alternative ideas here for you:
- is there the Option for a Proxy? Many companies offer proxies for
outgoing traffic,
as for example when OS or Software Updates must connect to the C&C
servers, a proxy
would offer such functionality in a more secure way. Another such
thing could be VPN.
- an alternate option would be to bring the webservice into your
Network, meaning you
do a clone of the current version and host this clone in your internal
network on a
local running server or so. Then you can pentest atleast the web
application itself.
- rent a VPS and setup OpenVAS there, this comes by far cheaper than
what hackertarget
offers you
Downsides to hackertarget and similiar services:
Note that as soon as you perform Local Security Checks on your
webserver, your sensitive
data will be seen by 3rd Parties (hackertarget.com + their Hoster/ISP).
This also applies
if you Rent a VPS- but here is one positive thing, which makes renting a
VPS more attractive
than using hackertarget.com: you can make the server look unspicious,
while hackertarget.com
always forms an interesting target for criminals. If they get hacked one
day, your sensitive
data may be included in a dump of the attackers. (remember; the login to
YOUR scandata would
already be publically accessible).
It's not that i want to downvote this service, they may serve good for
small webshops and
and small companies who don't have the bucks for propper IT-Sec, but for
goverments or anything
bigger i would definately recommend more secure alternatives.
Last but not least (before spending money on half-baked solutions), feel
free to get in touch
with Greenbone's friendly sales team- they will happily provide you
information on the Products
and pricing to their solutions (just incase you are interested ;-)
Hope this helped.
Cheers,
Michael Eissele.
--
On 28.04.2017 13:21, Niklas Klein wrote:
Hello,
Does anyone have experience with hackertarget.com or similar services?
In short: Hackertarget offers to make vulnaribility scans against an
ip given to them. That would be interesting for us since we can not
leave our coporate network
with all the ports that would be necessary (only somy stuff like http,
https, rsync ... are allowed, the firewall is managed by an other
agency) but we would like to scan our corporate website which is
hosted somewhere else (Before you ask, I wont scan without permission
of the hoster)
Thanks in advance,
Niklas
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
