I do mean the goat book. I’ll keep my eyes out for 3e :)

> On 4 Jul 2023, at 18:12, Harry Percival <harry.perci...@gmail.com> wrote:
>
> aw thanks for the compliment. 3E on the way (if you mean the goat book?)
>
> On Tue, 4 Jul 2023 at 17:17, William Mayor <m...@williammayor.co.uk> wrote:
>> Thanks Harry, that’s a really good idea! I’ll add that to my list :)
>>
>> (P.S. Love your book BTW I give it to all of my juniors :) )
>>
>>> On 3 Jul 2023, at 18:48, Harry Percival <harry.perci...@gmail.com> wrote:
>>>
>>> Have you considered bug bounty programmes? I think we used HackerOne back
>>> in the day and got a few actionable fixes out of it, without ever spending
>>> too much money.
>>>
>>> Iirc we'd pay out like $50 for little things that were arguably not real
>>> vulns but just missing best practices (rate limiting password reset
>>> requests was an example iirc? Bit worried someone will jump on me saying
>>> how insanely important that is lol) - the kinds of things you can find with
>>> an automated tool and minimal actual effort from the pentester -- and 10x
>>> that (or more? Can't remember. In any case I'm guessing H1 have suggested
>>> payouts) for "real" bugs with PoC.
>>>
>>> You did have to deal with a bit of spam but overall it was worth it.
>>>
>>> Hp
>>>
>>> On Mon, 3 Jul 2023, 14:22 SW, <walke...@hotmail.co.uk> wrote:
>>>> I can also add https://istormsolutions.co.uk/ - I have a friend who
>>>> works there, though I've not used their services myself.
>>>>
>>>> Thanks,
>>>> S
>>>>
>>>> On 03/07/2023 15:03, Gautier Hayoun wrote:
>>>> > Hi William,
>>>> >
>>>> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently.
>>>> > They are a small company based in the UK, and I was perfectly
>>>> > satisfied with their pen test of a Django web application.
>>>> >
>>>> > Best,
>>>> >
>>>> > Gautier
>>>> >
>>>> > On 03/07/2023 13:55, William Mayor wrote:
>>>> >> Hi!
>>>> >>
>>>> >> This isn’t exactly on topic, but I’m running out of leads on this
>>>> >> one. Any help is appreciated :)
>>>> >>
>>>> >> I’m looking for a penetration/security testing company that can help
>>>> >> me with a product that we’re building. It’s an API (written using
>>>> >> FastAPI, so there is a python link in here :) ), with web and native
>>>> >> app front ends.
>>>> >>
>>>> >> I’d like to have some kind of certified test conducted, to find all
>>>> >> the security edge cases that I’ve undoubtedly missed.
>>>> >>
>>>> >> We’re a small company (a social enterprise), so our budget isn’t great.
>>>> >>
>>>> >> So my question is, does anyone have any recommendations for a pen
>>>> >> testing company that could help?
>>>> >>
>>>> >> Thank you!
>>>> >>
>>>> >> _______________________________________________
>>>> >> python-uk mailing list
>>>> >> python-uk@python.org
>>>> >> https://mail.python.org/mailman/listinfo/python-uk