aw thanks for the compliment. 3E on the way (if you mean the goat book?)

On Tue, 4 Jul 2023 at 17:17, William Mayor <m...@williammayor.co.uk> wrote:
> Thanks Harry, that’s a really good idea! I’ll add that to my list :)
>
> (P.S. Love your book BTW I give it to all of my juniors :) )
>
> On 3 Jul 2023, at 18:48, Harry Percival <harry.perci...@gmail.com> wrote:
>
> Have you considered bug bounty programmes? I think we used HackerOne back
> in the day and got a few actionable fixes out of it, without ever spending
> too much money.
>
> Iirc we'd pay out like $50 for little things that were arguably not real
> vulns but just missing best practices (rate limiting password reset
> requests was an example iirc? Bit worried someone will jump on me saying
> how insanely important that is lol) - the kinds of things you can find with
> an automated tool and minimal actual effort from the pentester -- and 10x
> that (or more? Can't remember. In any case I'm guessing H1 have suggested
> payouts) for "real" bugs with PoC.
>
> You did have to deal with a bit of spam but overall it was worth it.
>
> Hp
>
> On Mon, 3 Jul 2023, 14:22 SW, <walke...@hotmail.co.uk> wrote:
>
>> I can also add https://istormsolutions.co.uk/ - I have a friend who
>> works there, though I've not used their services myself.
>>
>> Thanks,
>> S
>>
>> On 03/07/2023 15:03, Gautier Hayoun wrote:
>> > Hi William,
>> >
>> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently.
>> > They are a small company based in the UK, and I was perfectly
>> > satisfied with their pen test of a Django web application.
>> >
>> > Best,
>> >
>> > Gautier
>> >
>> > On 03/07/2023 13:55, William Mayor wrote:
>> >> Hi!
>> >>
>> >> This isn’t exactly on topic, but I’m running out of leads on this
>> >> one. Any help is appreciated :)
>> >>
>> >> I’m looking for a penetration/security testing company that can help
>> >> me with a product that we’re building. It’s an API (written using
>> >> FastAPI, so there is a python link in here :) ), with web and native
>> >> app front ends.
>> >>
>> >> I’d like to have some kind of certified test conducted, to find all
>> >> the security edge cases that I’ve undoubtably missed.
>> >>
>> >> We’re a small company (a social enterprise), so our budget isn’t great.
>> >>
>> >> So my question is, does anyone have any recommendations for a pen
>> >> testing company that could help?
>> >>
>> >> Thank you!
>> >>
>> >> _______________________________________________
>> >> python-uk mailing list
>> >> python-uk@python.org
>> >> https://mail.python.org/mailman/listinfo/python-uk