Top webapp pentesting vendors?

by Bill Stout-2

Hello All,
I'm not sure if this is an appropriate question for the list, but who are the top consulting companies or vendors for webapp security?
Specifically, I'm searching for consulting orgs that can audit a complex web site with some ecommerce functions.
Thanks,
Bill Stout

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


RE: Top webapp pentesting vendors?

by Clint P. Garrison, MBA, CISSP

I would look at Trustwave. They specialize in e-commerce web applications
security, including pen-testing and code reviews. https://www.trustwave.com
Send me your contact information and I can get you in touch with the right
people to answer any questions you may have.

Clint P. Garrison
MBA, MS, CISSP, QSA  

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Bill Stout
Sent: Monday, April 07, 2008 6:56 PM
To: webappsec@...
Subject: Top webapp pentesting vendors?

Hello All,
I'm not sure if this is an appropriate question for the list, but who are
the top consulting companies or vendors for webapp security?
Specifically, I'm searching for consulting orgs that can audit a complex web
site with some ecommerce functions.
Thanks,
Bill Stout



RE: Top webapp pentesting vendors?

by Natali Gotlieb - IBI

www.applicure.com
They also do web application security.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of Clint P. Garrison
Sent: Tuesday, April 08, 2008 5:36 AM
To: 'Bill Stout'; webappsec@...
Subject: RE: Top webapp pentesting vendors?

I would look at Trustwave. They specialize in e-commerce web applications
security, including pen-testing and code reviews. https://www.trustwave.com
Send me your contact information and I can get you in touch with the right
people to answer any questions you may have.

Clint P. Garrison
MBA, MS, CISSP, QSA

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Bill Stout
Sent: Monday, April 07, 2008 6:56 PM
To: webappsec@...
Subject: Top webapp pentesting vendors?

Hello All,
I'm not sure if this is an appropriate question for the list, but who are
the top consulting companies or vendors for webapp security?
Specifically, I'm searching for consulting orgs that can audit a complex web
site with some ecommerce functions.
Thanks,
Bill Stout



Re: Top webapp pentesting vendors?

by hitesh50

In my personal opinion the founding guys of OWASP would be the best fit for your webapp security consulting needs.
They also have a separate company called "Aspect Security" http://www.aspectsecurity.com

BTW - I do not have any direct or indirect connections with them but I personally worked with them on a couple of occasions and based on my experience with multiple vendors "Aspect Security" guys are among the best for web app security needs

-Hitesh Patel

----- Original Message ----
From: Bill Stout <billbrietstout@...>
To: webappsec@...
Sent: Monday, April 7, 2008 7:55:54 PM
Subject: Top webapp pentesting vendors?

Hello All,
I'm not sure if this is an appropriate question for the list, but who are the top consulting companies or vendors for webapp security?
Specifically, I'm searching for consulting orgs that can audit a complex web site with some ecommerce functions.
Thanks,
Bill Stout



RE: Top webapp pentesting vendors?

by Darren Webb

Hello.

You might want to look at these guys. They did some really impressive stuff
at the place I used to work at with our ecommerce site.

http://www.korelogic.com/

If you can get the guys at their St. Louis office then I would also
recommend this group.

http://www.deloitte.com/dtt/home/0%2C1044%2Csid%25253D2000%2C00.html

Thanks.

Darren

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Bill Stout
Sent: Monday, April 07, 2008 6:56 PM
To: webappsec@...
Subject: Top webapp pentesting vendors?

Hello All,
I'm not sure if this is an appropriate question for the list, but who are
the top consulting companies or vendors for webapp security?
Specifically, I'm searching for consulting orgs that can audit a complex web
site with some ecommerce functions.
Thanks,
Bill Stout



Re: Top webapp pentesting vendors?

by David Barnett

I would not consider Trustwave for any web application testing. They
are a PCI shop.
I highly recommend WhiteHat. Everyone there really knows this area.
Also, SPI Dynamics, or even Cybertrust,


On Mon, Apr 7, 2008 at 10:36 PM, Clint P. Garrison
<garrison.clint@...> wrote:

> I would look at Trustwave. They specialize in e-commerce web applications
>  security, including pen-testing and code reviews. https://www.trustwave.com
>  Send me your contact information and I can get you in touch with the right
>  people to answer any questions you may have.
>
>  Clint P. Garrison
>  MBA, MS, CISSP, QSA
>
>
>
>  -----Original Message-----
>  From: listbounce@... [mailto:listbounce@...] On
>  Behalf Of Bill Stout
>  Sent: Monday, April 07, 2008 6:56 PM
>  To: webappsec@...
>  Subject: Top webapp pentesting vendors?
>
>  Hello All,
>  I'm not sure if this is an appropriate question for the list, but who are
>  the top consulting companies or vendors for webapp security?
>  Specifically, I'm searching for consulting orgs that can audit a complex web
>  site with some ecommerce functions.
>  Thanks,
>  Bill Stout


RE: Top webapp pentesting vendors?

by Erin Carroll

I'll keep this to vendors since I don't want to pimp my own company for the
consulting portion of the question (trying to keep this advice neutral...
but if you want to contact me off-list we kick ass in this area. Just
sayin'... *grin*)

I've used SPI Dynamics' WebInspect many times in the past both as an
engagement-based license and as an annual purchase customer and can attest
that the product is top notch. SPI was bought by HP so it's HP WebInspect
now.

Watchfire's AppScan is also an excellent product. With the newest release
you have the ability to use external modules/apps for various call-out
purposes or data dumps so it provides a fairly nice framework workspace with
a lot of flexibility and extension. I don't have as much hands-on with their
newest as WebInspect but they have consistently been solid.

Others have mentioned vendors to look into but you have to realize that
without some in-house expertise to get the best ROI and performance from
these tools you're only going to catch the low-hanging fruit. If your
application environment is very complex automated tools will only get you so
far and will miss a lot. If these are major concerns then you may be better
off going with a services solution provider that specializes in the area.
You don't specify if this is compliance driven which is another factor to
consider. Some consulting shops will provide great results from a
vulnerability assessment viewpoint but may not be able to adequately address
compliance or auditing concerns.

Hope you find the info you are looking for,


--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
amoeba@...
"Do Not Taunt Happy-Fun Ball"





-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of David Barnett
Sent: Tuesday, April 08, 2008 7:09 PM
To: webappsec@...; billbrietstout@...
Subject: Re: Top webapp pentesting vendors?

I would not consider Trustwave for any web application testing. They
are a PCI shop.
I highly recommend WhiteHat. Everyone there really knows this area.
Also, SPI Dynamics, or even Cybertrust,


On Mon, Apr 7, 2008 at 10:36 PM, Clint P. Garrison
<garrison.clint@...> wrote:
> I would look at Trustwave. They specialize in e-commerce web applications
>  security, including pen-testing and code reviews. https://www.trustwave.com
>  Send me your contact information and I can get you in touch with the right
>  people to answer any questions you may have.
>
>  Clint P. Garrison
>  MBA, MS, CISSP, QSA
>
>
>
>  -----Original Message-----
>  From: listbounce@... [mailto:listbounce@...] On
>  Behalf Of Bill Stout
>  Sent: Monday, April 07, 2008 6:56 PM
>  To: webappsec@...
>  Subject: Top webapp pentesting vendors?
>
>  Hello All,
>  I'm not sure if this is an appropriate question for the list, but who are
>  the top consulting companies or vendors for webapp security?
>  Specifically, I'm searching for consulting orgs that can audit a complex web
>  site with some ecommerce functions.
>  Thanks,
>  Bill Stout


Re: Top webapp pentesting vendors?

by David Byrne-3

To start with, I’m a Trustwave employee. I’m sure that Clint did not intend to deceive readers, which is why he made no attempt to conceal his identity.

In the further interest of full disclosure, Dave is a former employee who may not be aware of our current offerings. While Trustwave is best known for its PCI division, we also have a group that does nothing but code review and application testing. In fact, the individuals in this group do no work at all on PCI. Further, Trustwave's code review and application pen testing processes are completely manual, as opposed to a primarily automated scan.

Thanks,
David Byrne
Security Consultant
SpiderLabs Penetration Testing, Trustwave

