On Fri, Nov 04, 2005 at 01:19:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> But also somewhat wrong: a black-box test is much cheaper than a full
> security audit of a system.
Well, I guess you mean "port scan". A Tiger Team who helps your security is
most often quite expensive cause it take
On Wed, Nov 02, 2005 at 11:14:22PM +0100, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > I'm looking for (preferably) a company, or individual, to attempt to
> > breach a standard config I have created to deploy client applications
> > in production. It is intentionally a
On Wed, Nov 02, 2005 at 05:33:54PM -0800, Alvin Oga wrote:
> > The whole point of the test will be for me to monitor what's happening
>
> that you should already be seeing all the attacks you are already
> getitng just by the generic background white-noise-attacks
> - and its free ... and d
Perhaps I should rephrase:
Is there any company or individual on this list that provides
penetration testing services, can provide a sample report and sample
engagement contract with specific terms, has performed penetration
testing on debian servers running public-facing applications in the
hi ya alex
- lots of options .. too too too many ...
but bottom line ... you have to do the work .. not the
outside white-hat you're looking for
On Wed, 2 Nov 2005, alex black wrote:
> Not much, frankly. The idea here is to have someone that is not
> malicious, but is skilled, to attempt
In article <[EMAIL PROTECTED]> you wrote:
> I'm looking for (preferably) a company, or individual, to attempt to
> breach a standard config I have created to deploy client applications
> in production. It is intentionally a minimal config which is tightly
> locked down and audited daily.
I thin
--- Alvin Oga <[EMAIL PROTECTED]> wrote:
> questions for you
> - what else is in the goals for the security test,
> where i'm not
> using audit, pen-test, assessments and other
> "security words"
Just to see if you can get in, that's all.
> - what i
- Original Message -
From: "Harry" <[EMAIL PROTECTED]>
To: <>
Sent: Tuesday, November 01, 2005 10:48 AM
Subject: Re: whitehat to test a security config
--- Alvin Oga <[EMAIL PROTECTED]> wrote:
questions for you
- what else is in the goals for the
On Tue, 1 Nov 2005, Harry wrote:
> Perhaps the following questions should be asked first
>
> 1. How do we know know Mr Black is who he says he is?
> 2. How can we confirm the machine details he supplies
> are actually details of a machine that he owns?
... all valid points ..
- a face to face
--- Alvin Oga <[EMAIL PROTECTED]> wrote:
> questions for you
>
> - what else is in the goals for the security test,
> where i'm not
> using audit, pen-test, assessments and other
> "security words"
>
> - what is the consequence if some
> whitehat
t to know when doing a "security test", why use
that restriction for the "security tests"
script kiddies "tools" are just that, meant for the low lying fruits
due to the sheer number of machines out there for ez hits
questions for you
- what else is
a report on findings, with a limited overview of techniques and tools
used.
Please send any questions & proposals to me off-list:
[EMAIL PROTECTED]
Please include "whitehat:" in the subject :)
thanks,
_alex
--
alex black, founder
the turing studio, inc.
510.666.0074
[EMAIL PR
12 matches
Mail list logo
