Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: My Frustrations Step Two
From: Alex Moen <alexm () ndtel com>
Date: Thu, 18 Dec 2008 16:31:37 -0600

Actually, this should be done anyway as part of the initial contact with the client, defining the role that the pen tester will take and the scope that is suitable and expected.

Maybe some of the "biggies" in the industry could, or would, create some ideas for RFPs that the client (not the pen tester) should use when determining who will do the pen test, kind of an acid test for the selection. This might be a tough thing to do considering that each industry has different needs, but there should be something that they could come up with...

Alex



Leonardo Cavallari Militelli wrote:
Maybe the best solution should be define a sort of RFP (Request for
Proposal) and steer customers to use it as contractual clauses.


On Thu, Dec 18, 2008 at 10:27 AM, Adriel T. Desautels
<ad_lists () netragard com> wrote:
So it appears to me that the solution to this problem is to provide the
customer with ammunition so that they can quickly shoot down the fraudulent
security experts and properly identify the real ones. There are different
services, different classifications of service, different threat levels,
etc. If our customers knew how to identify what they needed, they could use
that to choose a good provider with much more success. But thats the real
problem isn't it? Our customers aren't security experts and as a result they
don't know what they need...

So, what questions can we arm our customers with so that they can weed out
the Frauds?


Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]