Penetration Testing mailing list archives

Re: [PEN-TEST] Cost of Penetration Testing
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:32:03 +0200


-----Original Message-----
From: Deri Jones [mailto:Deri.Jones () NTA-MONITOR COM]
Sent: Tuesday, 12 September, 2000 7:24 PM
I'm not even sure that if we polled a percentage of our >200 customers, that
they would really know why they think we're good.  Their staff are just not
familiar enough with testing to be able to judge.  (but maybe I'm making a
fuss over nothing here - maybe it's the same when you take the car down the
repair shop - when they say you need a new fu-fu valve, well - do you
respect them more because they found that out, or suspect that they're
exploiting your ignorance to sell repairs you don't need...:<)
Well, that's easy. Get the car serviced there a couple of times, then check
it out yourself. Went through a couple of repair shops that way. (the same
hard-to-get-at-parts showed up on the bill almost every time, when I checked
they were still orig.)

Applying that to pen-testers might be a lil' more difficult, but can be


If banking is your livelihood (and considering what the public
perception of your bank would be if it were ever hacked) I would probably
elect to have multiple pen-tests performed by different companies.
Amen to that!!

And just how many banks actually do that year on year... not more than
10 or 20% I'd say.  And how many banks are tested more than once a year...
same % is my guess.
I would even say doing that (and being able to prove it) would be good
advertisement. At least for me, I'd prefer a bank that's regularly tested
for sec. just like my car ;->
Anybody know of (online-)banks in Europe doing that?


