External Pen Testing Companies?

Viewing 14 reply threads
  • Author
    Posts
    • #7402
      Dengar13
      Participant

      Hello all:

      I am looking for some suggestions on some good external / third-party pen testing companies.  I am looking for some suggestions as we are in the market for a new company to perform these.

      Thanks in advance!

    • #46231
      Dark_Knight
      Participant

      In no particular order :
      – InGuardians
      – Rapid7
      – Offsec
      – StrikeForce

    • #46232
      Dengar13
      Participant

      Muchos gracias!

    • #46233
      hayabusa
      Participant

      SecureState
      and the list goes on… 

      (Was gonna give you the first few that Dark_Knight provided, but he beat me to the punch)

    • #46234
      dynamik
      Participant

      Shh, you guys. I PM’d him about consulting work. :-X

      I’ve personally had great experiences with Fishnet Security and SecureIdeas as well.

    • #46235
      tturner
      Participant

      I’d stay away from the big companies unless you are spending a lot of cash. I’ve had bad experiences with the “bait n switch” where they send you resumes of rockstars with the SoW but then kindergartners show up on your doorstep. I find smaller firms with highly qualified folks (not all small firms have qualified folks) are hungrier for the work and more interested in delivering a quality product.

    • #46236
      hayabusa
      Participant

      @ajohnson wrote:

      Shh, you guys. I PM’d him about consulting work. :-X

      Sorry…  :-[

      😉

    • #46237
      TheXero
      Participant

      You could always look at HatForce, I’m pretty sure that would end up cheaper than some other places.

    • #46238
      MaXe
      Participant

      @TheXero wrote:

      You could always look at HatForce, I’m pretty sure that would end up cheaper than some other places.

      I second that, especially if you’re looking for a company where you pay per bug found (in case you choose crowd-sourced tests), but there’s also the option of trusted tests, meaning only a few (trusted) testers from Hatforce will participate, where you know these are professionals, that almost competes in an ethical way to give you the best test possible, and many of them works like this while having a day job too, because they have a deep passion for infosec.  🙂

    • #46239
      Don Donzal
      Keymaster

      At the risk of forgetting someone, here’s some more:

      Infogressive
      Lares
      Fortify’s new ShadowLabs (Part of HP)
      Trustwave
      Booz Allen Hamilton
      Core Security

      And there’s plenty of big accounting firms that do ‘assessments’ or ‘audits.’

      Hope this helps,
      Don

      PS – If I did forget anyone, sorry. Feel free to add your name to the list or just send me a note.

    • #46240
      idr0p
      Participant

      Rapid7
      Dell SecureWorks
      IBM ISS

    • #46241
      cd1zz
      Participant

      Coalfire!

    • #46242
      ambient
      Participant

      In UK,
      Portcullis Security
      NCC Group

    • #46243
      Don Donzal
      Keymaster

      Adding a new section to our Links with the information in this thread and more. Check it out using the tabs at the top of the site… Resources > Links > Companies:

      http://www.ethicalhacker.net/component/option,com_weblinks/catid,45/Itemid,27/

      It’s not complete, but it’s a good start. What do you think?

      Don

    • #46244
      hayabusa
      Participant

      Good idea.  Gets the point across that there are options, and helps folks see some that they might not already have been aware of.

      Thanks.

Viewing 14 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?