woots with da pimping post ?
On Dec 14, 2007 3:49 PM, secreview <secreview () hushmail com> wrote:
The Denim Group <http://www.denimgroup.com/service.html>, located at http://www.denimgroup.com, is a Security Services <http://www.denimgroup.com/service.html> Provider that focuses strictly on Web Application Security Services <http://www.denimgroup.com/service.html>. We asked them why they chose the name Denim Group <http://www.denimgroup.com/service.html> and they said that it was a marketing idea that enables them to stand out from the rest of the providers. (the name was actually thought up by a founders X wife) As it turns out, it was a good idea and it works! When we think Denim Group <http://www.denimgroup.com/service.html> the first thing that comes to mind is Clothing and what the hell does that have to do with Application Security? Can't forget the name and the total lack of correlation.
Aside from the name, we are actually pleased with what we found when we reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we spoke with John Dickson we learned a lot about their methodology. We learned that the Denim Group <http://www.denimgroup.com/service.html> does use automated tools such as WebInspect to perform preliminary scans against target applications. They also use tools like Fortify to perform source code reviews. That being said, automation only covers about 20% of the workload for the services that they deliver.
The remaining 80% of the workload is done by high talent Web Application Security Specialists that truly understand how to harden a Web Application. They not only look for the common issues like Cross Site Scripting (No Sacure, it's not called Cross-Site Shipping), Cross Site Request Forgery, Remote File Inclusion, etc. but they also look for logic issues and other types of design flaws.
The Denim Group <http://www.denimgroup.com/service.html> does use tools to help them perform their manual testing, as do most worthy security providers. The tools that they use are special interception proxies that enable them to view and manipulate conversations between client and server, amongst other similar manually intensive tools. This enables the Denim Group <http://www.denimgroup.com> to truly impact the quality of their deliverables with strong manual testing.
All in all, if you are looking for a provider to perform Web Application Security type services, we think that the Denim Group <http://www.denimgroup.com/service.html> is a great fit. If you are looking for a full service Professional Security Services shop, well you'll probably have to look somewhere else because they do not offer Network Penetration Testing Services, Vulnerability Assessments, etc. That being said we were so impressed with the Denim Group <http://www.denimgroup.com/service.html> and the caliber of their service offerings, that we decided to give them an A-. The only reason why they didn't get an A or an A+ is because they are technically not a full service shop. So, we recommend using the Denim Group <http://www.denimgroup.com/>, they kick ass!
If you'd like to comment on this, please visit http://secreview.blogspot.com and post a comment. If you feel that this post is inaccurate, please let us know why and we'll consider your opinion for a review. Thanks for reading!
--
Posted By secreview to Professional IT Security Providers - Exposed <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007 12:13:00 PM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/