Re: [PEN-TEST] Cost of Penetration Testing
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:32:03 +0200
From: Deri Jones [mailto:Deri.Jones () NTA-MONITOR COM]
Sent: Tuesday, 12 September, 2000 7:24 PM
To: PEN-TEST () SECURITYFOCUS COM
I'm not even sure that if we polled a percentage of our >200
they would really know why they think we're good. Their staff are just not
familiar enough with testing to be able to judge. (but maybe I'm making a
fuss over nothing here - maybe it's the same when you take the car down the
repair shop - when they say you need a new fu-fu valve, well - do you
respect them more because they found that out, or suspect that they're
exploiting your ignorance to sell repairs you don't need...:<)
Well, that's easy. Get the car serviced there a couple of times, then check
it out yourself. Went through a couple of repair shops that way. (the same
hard-to-get-at-parts showed up on the bill almost every time, when I checked
they were still orig.)
Applying that to pen-testers might be a lil' more difficult, but can be
If banking is your livelihood (and considering what the public
perception of your bank would be if it were ever hacked) I
elect to have multiple pen-tests performed by different companies.
Amen to that!!
And just how many banks actually do that year on year... not more than
10 or 20% I'd say. And how many banks are tested more than once a year...
same % is my guess.
I would even say doing that (and being able to prove it) would be good
advertisement. At least for me, I'd prefer a bank that's regularly tested
for sec. just like my car ;->
Anybody know of (online-)banks in Europe doing that?