Re: [Professional IT Security Providers - Exposed] Denim Group ( A - )

["Peter Dawson" <slash.pd () gmail com>]

woots with da pimping post  ?

On Dec 14, 2007 3:49 PM, secreview <secreview () hushmail com> wrote:

> The Denim Group <http://www.denimgroup.com/service.html> located at
> http://www.denimgroup.com is Security Services<http://www.denimgroup.com/service.html>Provider that focuses strictly 
> on Web
> Application Security Services <http://www.denimgroup.com/service.html>. We
> asked them why they chose the name Denim Group<http://www.denimgroup.com/service.html>and they said that it was a 
> marketing idea that enables them to stand out
> from the rest of the providers. (the name was actually thought up by a
> founders X wife) As it turns out, it was a good idea and it works! When we
> think Denim Group <http://www.denimgroup.com/service.html> the first thing
> that comes to mind is Clothing and what the hell does that have to do
> Application Security? Can't forget the name and the total lack of
> correlation.
>
> Aside from the name, we are actually pleased with what we found when we
> reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we
> spoke with John Dickson we learned a lot about their methodology. We learned
> that the Denim Group <http://www.denimgroup.com/service.html> does use
> automated tools such as WebInspect to perform preliminary scans against
> target applications. They also use tools like fortify to perform source code
> reviews. That being said, automation only covers about 20% of the workload
> for the services that they deliver.
>
> The remaining 80% of the workload is done by high talent Web Application
> Security Specialists that truly understand how to harden a Web Application.
> They not only look for the common issues like Cross Site Scripting (No
> Sacure, its not called Cross-Site Shipping) , Cross Site Request Forgery,
> Remote File Inclusion, etc. but they also look for logic issues and other
> types of design flaws.
>
> The Denim Group <http://www.denimgroup.com/service.html> does use tools to
> help them perform their manual testing, as do most worthy security
> providers. The tools that they use are special interception proxies that
> enable them to view and manipulate conversations between client and server,
> amongst other similar manually intensive tools. This enables the Denim
> Group <http://www.denimgroup.com> to truly impact the quality of their
> deliverables with strong manual testing.
>
> All in all, if you are looking for a provider to perform Web Application
> Security type services, we think that the Denim Group
> <http://www.denimgroup.com/service.html>is a great fit. If you are looking
> for a full service Professional Security Services shop, well you'll probably
> have to look somewhere else because they do not offer Network Penetration
> Testing Services, Vulnerability Assessments, etc. That being said we were so
> impressed with the Denim Group <http://www.denimgroup.com/service.html>and the caliber of their service offerings, 
> that we decided to give them an
> A-. The only reason why they didn't get an A or an A+ is because they are
> technically not a full service shop. So, we recommend using the Denim
> Group, <http://www.denimgroup.com/> they kick ass!
>
> If you'd like to comment on this, please visit
> http://secreview.blogspot.com and post a comment. If you feel that this
> post is inaccurate, please let us know why and we'll consider your opinion
> for a review. Thanks for reading!
>
> --
> Posted By secreview to Professional IT Security Providers - 
> Exposed<http://secreview.blogspot.com/2007/12/denim-group.html>at 12/14/2007 12:13:00 PM
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/