IT Question – Penetration Testing
I’ll find out who we use and get back to you later…
We have to get it done monthly as part of our PCI accreditation.
We use Nessus for our internal vulnerability scanning.
Paul
Posted 4 years ago

FuzzyWuzzy (Member)
We used http://www.dionach.com/ for a few years, seemed OK (we now have our own security services consultancy business so do it in-house).
Posted 4 years ago

Something that amused me a couple of years ago is that our HR department tried to ban the use of the term “penetration testing” internally in case it offended anyone; fortunately, common sense prevailed…

samuri (Member)
If you don’t take NZCol up on his offer then I’d recommend pentest
I can provide contact details. They’re NorthWest based as well.
He is right though, it’s quite hard to get your infrastructure wrong so app testing is a lot more important nowadays. Get in touch if you want a chat about this.
If your new company is on a budget (this stuff is rarely cheap), then again, let’s have a chat. One of my pentesting guys will probably be up for a bit of weekend work.
Posted 4 years ago

purpleyeti (Member)
NZCol, which company is it?
Another offer here: I work for one of the bigger independent security consultancies, so drop me a line if you want any info.
samuri – you clearly haven’t seen some of the networks I’ve tested, it’s amazing how wrong many professional people get their external networks. And internal is nearly always done poorly.
Posted 4 years ago

scuttler (Member)
If you’re doing this for compliance then any old tools+report pen test company will do. If you’re doing it to really figure out what might happen and to set security budgets then you need to be testing your people and processes too (social engineering, phishing, incident response etc). This naturally costs more but will provide a far more valid ‘state of the nation’ and give you a better idea of how you need to spend your security budget beyond tweaking some firewall rules and patching IIS.
Posted 4 years ago