.

External Pen Testing Companies?

<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 01, 2012 10:34 am

External Pen Testing Companies?

Hello all:

I am looking for some suggestions on some good external / third-party pen testing companies.  I am looking for some suggestions as we are in the market for a new company to perform these.

Thanks in advance!
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Thu Mar 01, 2012 1:48 pm

Re: External Pen Testing Companies?

In no particular order :
- InGuardians
- Rapid7
- Offsec
- StrikeForce
Last edited by Dark_Knight on Thu Mar 01, 2012 1:51 pm, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 01, 2012 3:38 pm

Re: External Pen Testing Companies?

Muchos gracias!
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Mar 01, 2012 3:44 pm

Re: External Pen Testing Companies?

SecureState
and the list goes on... 

(Was gonna give you the first few that Dark_Knight provided, but he beat me to the punch)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Mar 01, 2012 3:58 pm

Re: External Pen Testing Companies?

Shh, you guys. I PM'd him about consulting work. :-X

I've personally had great experiences with Fishnet Security and SecureIdeas as well.
The day you stop learning is the day you start becoming obsolete.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Mar 01, 2012 4:02 pm

Re: External Pen Testing Companies?

I'd stay away from the big companies unless you are spending a lot of cash. I've had bad experiences with the "bait n switch" where they send you resumes of rockstars with the SoW but then kindergartners show up on your doorstep. I find smaller firms with highly qualified folks (not all small firms have qualified folks) are hungrier for the work and more interested in delivering a quality product.
Last edited by tturner on Fri Mar 02, 2012 12:46 am, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Mar 01, 2012 4:03 pm

Re: External Pen Testing Companies?

ajohnson wrote:Shh, you guys. I PM'd him about consulting work. :-X


Sorry...  :-[

;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Fri Mar 02, 2012 4:46 am

Re: External Pen Testing Companies?

You could always look at HatForce, I'm pretty sure that would end up cheaper than some other places.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Mar 02, 2012 12:30 pm

Re: External Pen Testing Companies?

TheXero wrote:You could always look at HatForce, I'm pretty sure that would end up cheaper than some other places.


I second that, especially if you're looking for a company where you pay per bug found (in case you choose crowd-sourced tests), but there's also the option of trusted tests, meaning only a few (trusted) testers from Hatforce will participate, where you know these are professionals, that almost competes in an ethical way to give you the best test possible, and many of them works like this while having a day job too, because they have a deep passion for infosec.  :)
I'm an InterN0T'er
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Mar 06, 2012 10:08 am

Re: External Pen Testing Companies?

At the risk of forgetting someone, here's some more:

Infogressive
Lares
Fortify's new ShadowLabs (Part of HP)
Trustwave
Booz Allen Hamilton
Core Security

And there's plenty of big accounting firms that do 'assessments' or 'audits.'

Hope this helps,
Don

PS - If I did forget anyone, sorry. Feel free to add your name to the list or just send me a note.
CISSP, MCSE, CSTA, Security+ SME
<<

idr0p

Newbie
Newbie

Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Tue Mar 13, 2012 6:16 pm

Re: External Pen Testing Companies?

Rapid7
Dell SecureWorks
IBM ISS
GCIA GCIH GPEN GWAPT
Up Next: CISA CISSP
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Mar 13, 2012 9:15 pm

Re: External Pen Testing Companies?

Coalfire!
<<

ambient

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Feb 17, 2009 1:33 am

Location: Thailand

Post Wed Mar 14, 2012 3:30 am

Re: External Pen Testing Companies?

In UK,
Portcullis Security
NCC Group
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Mar 29, 2012 8:57 pm

Re: External Pen Testing Companies?

Adding a new section to our Links with the information in this thread and more. Check it out using the tabs at the top of the site... Resources > Links > Companies:

http://www.ethicalhacker.net/component/ ... Itemid,27/

It's not complete, but it's a good start. What do you think?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Mar 30, 2012 8:31 am

Re: External Pen Testing Companies?

Good idea.  Gets the point across that there are options, and helps folks see some that they might not already have been aware of.

Thanks.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software