Re: OT: External Security testing of websites
On Tue, Mar 15, 2011 at 5:57 PM, David Connors wrote:
> On Tue, Mar 15, 2011 at 4:56 PM, Noon Silk wrote:
>> On Tue, Mar 15, 2011 at 4:59 PM, Joseph Cooney wrote:
>> > Putting a big 'fuck you guys' message on 4chan is a great way to have
>> > your site pen-tested. Otherwise it's pay out 15-20k for some grad from
>> > [expensive-consulting-company-with-aggressive-legal-dept] to run some
>> > scripts and copy-and-paste the output from the script window into a word
>> > document.
>>
>> Obviously, these are far from the logical options.
>
> I agree. There is no way to get a pen test done by an external consultancy
> of note for only $15-20K :)

Yeah anyway, that's the whole problem with pens; it's not obvious, at least with pencils it's pretty straightforward. And just carry a sharpener.

> --
> David Connors | da...@codify.com | www.codify.com
> Software Engineer
> Codify Pty Ltd
> Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417
> 189 363
> V-Card: https://www.codify.com/cards/davidconnors
> Address Info: https://www.codify.com/contact

--
Noon Silk

http://dnoondt.wordpress.com/ (Noon Silk) | http://www.mirios.com.au:8081

Fancy a quantum lunch? http://www.mirios.com.au:8081/index.php?title=Quantum_Lunch

"Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."

Re: OT: External Security testing of websites
On Tue, Mar 15, 2011 at 4:56 PM, Noon Silk wrote:
> On Tue, Mar 15, 2011 at 4:59 PM, Joseph Cooney wrote:
> > Putting a big 'fuck you guys' message on 4chan is a great way to have
> > your site pen-tested. Otherwise it's pay out 15-20k for some grad from
> > [expensive-consulting-company-with-aggressive-legal-dept] to run some
> > scripts and copy-and-paste the output from the script window into a word
> > document.
>
> Obviously, these are far from the logical options.

I agree. There is no way to get a pen test done by an external consultancy of note for only $15-20K :)

--
*David Connors* | da...@codify.com | www.codify.com
Software Engineer
Codify Pty Ltd
Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363
V-Card: https://www.codify.com/cards/davidconnors
Address Info: https://www.codify.com/contact

Re: OT: External Security testing of websites
On Tue, Mar 15, 2011 at 4:59 PM, Joseph Cooney wrote:
> Putting a big 'fuck you guys' message on 4chan is a great way to have your
> site pen-tested. Otherwise it's pay out 15-20k for some grad from
> [expensive-consulting-company-with-aggressive-legal-dept] to run some scripts
> and copy-and-paste the output from the script window into a word
> document.

Obviously, these are far from the logical options.

> Sent from my iPhone

--
Noon Silk

http://dnoondt.wordpress.com/ (Noon Silk) | http://www.mirios.com.au:8081

Fancy a quantum lunch? http://www.mirios.com.au:8081/index.php?title=Quantum_Lunch

"Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."

Re: OT: External Security testing of websites
Putting a big 'fuck you guys' message on 4chan is a great way to have your site pen-tested. Otherwise it's pay out 15-20k for some grad from [expensive-consulting-company-with-aggressive-legal-dept] to run some scripts and copy-and-paste the output from the script window into a word document.

Sent from my iPhone

On 15/03/2011, at 3:03 PM, Simon Haigh wrote:

> How do people get their websites tested by 3rd party security firms
> without publishing them to a live environment and running the risk of
> the site being hacked and/or internal networks being compromised?
>
> Do people have a 2nd 'sandbox' environment which is totally isolated
> (airgapped) from your main business networks or do you just take the
> risk?
>
> Thanks
> Simon
>
> On 3/15/11, mike smith wrote:
>> On Tue, Mar 15, 2011 at 3:12 PM, David Connors wrote:
>>> [Window Title]
>>> Windows Internet Explorer 9
>>> [Main Instruction]
>>> Internet Explorer 9 is now installed
>>> [Content]
>>> Some Internet Explorer files were in use during setup. Restart your
>>> computer
>>> to use Internet Explorer 9.
>>> [Restart now] [Restart later]
>>> Fail.
>>
>> Yes, you still can't close IE completely...
>>
>> and
>>
>> http://www.itnews.com.au/News/251183,non-microsoft-hypervisors-miss-ie9-acceleration.aspx
>>
>> VMware, and I don't know which others.
>>
>>
>> --
>> Meski
>>
>> "Going to Starbucks for coffee is like going to prison for sex. Sure,
>> you'll get it, but it's going to be rough" - Adam Hills
>>
>
> --
> Sent from my mobile device

OT: External Security testing of websites
How do people get their websites tested by 3rd party security firms without publishing them to a live environment and running the risk of the site being hacked and/or internal networks being compromised?

Do people have a 2nd 'sandbox' environment which is totally isolated (airgapped) from your main business networks or do you just take the risk?

Thanks
Simon

On 3/15/11, mike smith wrote:
> On Tue, Mar 15, 2011 at 3:12 PM, David Connors wrote:
>> [Window Title]
>> Windows Internet Explorer 9
>> [Main Instruction]
>> Internet Explorer 9 is now installed
>> [Content]
>> Some Internet Explorer files were in use during setup. Restart your
>> computer
>> to use Internet Explorer 9.
>> [Restart now] [Restart later]
>> Fail.
>
> Yes, you still can't close IE completely...
>
> and
>
> http://www.itnews.com.au/News/251183,non-microsoft-hypervisors-miss-ie9-acceleration.aspx
>
> VMware, and I don't know which others.
>
>
> --
> Meski
>
> "Going to Starbucks for coffee is like going to prison for sex. Sure,
> you'll get it, but it's going to be rough" - Adam Hills
>

--
Sent from my mobile device