.

I need a hacker

<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Sun Oct 30, 2011 4:26 pm

I need a hacker

Hi everyone, I'm looking to start-up an online business relatively soon but I've had some security issues in the past and I'm willing to take whatever measures necessary to ensure the safety of my work.. online.

Although I'm not a hacker, I do understand that in order to assure the safety of my computers personal information, I need someone who can keep up with the latest trends (in terms of hacking technology) to keep my working station safe and up to date.

While starting-up my business, I intend to take up courses on ethical hacking to cut the costs of me having to pay an ethical hacker to secure my private information on a long-term basis.

If any of you know of a TRUSTWORTHY candidate with proven credentials, I'd really appreciate some feedback from you.

Thank you all for your time.


Ps_107
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Oct 30, 2011 6:50 pm

Re: I need a hacker

Ps_107 wrote:If any of you know of a TRUSTWORTHY candidate with proven credentials, I'd really appreciate some feedback from you.


Even though you can find unethical hackers here, most of the members on this website, are ethical hackers (hence the website name) that are also trustworthy. (Often referred to as Whitehat.)

What you need, is a penetration tester. More specific, someone who knows about Web Application Security, as I figure your online business, is most likely based on a website service.


In order to get a qualified candidate, you should also state what kind of technology your online business is using, such as PHP (or ASP? Or something else?) which is the actual programming language, Webserver architecture (e.g., Apache? Perhaps you're using some not widely used webserver?), and database backend (MySQL? MS SQL? Oracle? Or something else?).

These are very important to mention, as some ethical hackers / penetration testers / web application security (experts), may be specialized in one type of language, database backend, webserver architecture, but also know about the others too naturally.

However, if you're looking for some of the best, state what the person should know about, as not all penetration testers are good at finding unknown vulnerabilities (known as 0days) in web applications, as some of these, actually may know a lot about binary exploit development instead. (Which refers to bugs in actual programs such as a PDF reader from Adobe.)


It's impossible to get a jack of all trades, who will be the best in all areas, so make sure you get what you seek. There's often 3-4 + many more different types I see in the community, where some of these are:
  • The Common Pentester / Ethical Hacker
  • The Web Application Security Professional
  • The Exploit Development Professional
  • The Cryptology and Theoretical Professional
  • The Security Life Cycle Developer

In your case, if your main concern (where the highest risk is), is the actual web application, then you need to get a web application security professional. (Someone who has specialized in web application security.)

The common pentester (i.e. penetration tester), will just run a few or many tools against your website, and look for known bugs, but that is where the penetration test (or perhaps just vulnerability assessment) ends.

There is a crowd-sourced service, where you can get your service tested, and even specify the rules of engagement, for less than what a normal penetration test or vulnerability assessment often costs.

Reference: https://www.hatforce.com/

I am not directly affiliated with this service, but I do participate in some of the tests there, which I take just as serious as any other test. The great thing about this site is that you only pay for the bugs found, so if there's no bugs found, you don't pay anything. (You can also specify the maximum amount of bugs you wish to pay for, so you don't end up having to pay for e.g., 10 bugs which may be out of your budget.)

If you don't think that hatforce seems like a trustable source, then contact the owner as I've recently heard, that they're making a group of selected individuals that they've worked with before, that can be trusted.

It's just a suggestion, as pentests generally costs quite a lot.


It also sounds great you're going to take ethical hacking courses, but keep in mind that you need to devote a lot of time, to become really good. With the right dedication, courses and mentorship, you can take a lot of shortcuts and possibly even save time and money. (Keep in mind a lot of infosec courses are often a bit expensive, but some of them even include certifications.)

If you're a complete beginner, then I suggest you start with e.g., The Hacking Dojo http://hackingdojo.com/ , even though there's other providers as well. The great thing about the hacking dojo, is that you have a mentor, who can help you including other students. (I'm a Shodan student there as well, and whenever I have time I try to contribute to the dojo as well.)

Anyone can become a hacker, but if you want to be good, then you need to dedicate yourself at some point and study hard  :)

That's probably the best recommendations I can give you for now, without knowing anything about your business and you as a person either.


A good section to post this type of request in (for future reference), would be "Looking to Hire". ( http://www.ethicalhacker.net/component/ ... oard,51.0/ )
I'm an InterN0T'er
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Mon Oct 31, 2011 12:29 am

Re: I need a hacker

MaXe wrote:
Ps_107 wrote:If any of you know of a TRUSTWORTHY candidate with proven credentials, I'd really appreciate some feedback from you.


Anyone can become a hacker, but if you want to be good, then you need to dedicate yourself at some point and study hard  :)

That's probably the best recommendations I can give you for now, without knowing anything about your business and you as a person either.


A good section to post this type of request in (for future reference), would be "Looking to Hire". ( http://www.ethicalhacker.net/component/ ... oard,51.0/ )


Thank you for the wealth of all of that information you've just provided me, it was extremely helpful.

Also, just so you all know, I didn't mean to come across as offensive towards any of you when I wrote the word TRUSTWORTHY.  It's just that "trust" happens to be my primary concern when looking to work with someone to handle my personal information is all..

But yeah, I'm definitely going to take everything you've said into consideration.  As a matter of fact, I may not have much of a choice at this point but to get "really good" in this field due to current circumstances.

But I know for a fact that I'll be needing a "Professional Penetration Tester" and a Web Application Security consultant.

It's funny how I perceived a Pen-Tester as being able to do it all.  I'm glad I've learned something new.

Lastly, I'm going to have to read-up on some basics on Computers in order to get a better grasp of you guys' "lingo."  I don't have much of an idea of what "PHP, ASP, MySQL, MS SQL and Oracle" means but I'll definitely learn.

Again, I truly appreciate you going out of your way to lead me in the right direction.

Take care and God Bless.


Ps_107
Last edited by Ps_107 on Mon Oct 31, 2011 12:31 am, edited 1 time in total.

Return to Looking To Hire

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software