Thanks and great suggestion on having them revisit the site afterwards.
|
One of our large corporate clients had some organization do penetration testing for us a couple of years ago. Some good feedback, some crap.
However, when it came to "o.k., who's going to pay for implementing all this?", nothing happened. I wonder what ever became of that information.
So, before setting out on this, make sure that someone has the wherewithal to actually act upon the results, or don't waste time.
|
Ok, time to lower the tone 'cos this topic recently came up at work and I'm not allowed to do this in the office.
Cue Eric Idle ...
Penetration Testing? Nudge nudge. Know what I mean. Nods as good as a wink to blind budgerigar. Say no more squire. Say no more.
(Nudge Nudge - Monty Python's Flying Circus - YouTube)
|
Got some initial prices for Pen Test from a vendor today.
Looks like range of prices are:
$ 2K - you do the work to get the application to comply
$20K - They hand hold you to get the application to comply
Some of the breakdowns are:
$2500 / day for onsite testing - usually 3-5 days
$8000 for code review.
$2000 for subscription to Dynamic Scan of application for one year. Can be run as many times as required and includes 3hrs of support (total)
$7000 for 3hrs per month of support.
Hope this helps others looking.
|
Paula Januszkiewicz is very good.
|
I leave for a few years and holy crap, the only things I recognize from the site are bob, the color orange, and some of the posters (OriginalGriff, Nish, Joan Murt, Nagy, Marc Clifton, Chris [of course, the hamster whisperer lives here!]).
How is everyone?
|
When did you move to Canada?
Good to see you again on the site. Last time you posted, that I remember, you were talking about some cool recipes you were working on.
|
Hahaha, the irony of my life man!
June 15, 2011, I get repatriated... 1/September, 2016, HPE makes me a phenomenal offer to move from Calgary, AB, Canada to Dubai, UAE (that's where I am officially, but I live in Amman, Jordan [again])...
I cry myself silently to sleep these days, but at least the income is good.
Last trip was to Madrid (I actually landed on New Year's day) and brought back 6 RPI 3s... can't source them easily in Amman, Jordan or in Dubai
|
The more things change, the more they stay the same. Welcome back! Any wintery regrets?
|
haha, I love this!
How is it going Bassam?
No regrets, though I would have loved it even more back in North America..
|
All's well. Just read your other post. I was traveling on New Year's Day as well. Save your income and leave when you can afford to again. My family would love for me to work there. Never tried applying.
|
There being where? Dubai?
Too flashy and fake if you ask me for my opinion...
Good money though
|
Sunshine is overrated.
You'll note that there still isn't a sarcasm emoji.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Extremely.
Give me my 6 months of twilight thank you very much, a double-double will do in place.
|
Don't forget myself and Chris Losinger... he's still lurking around here at times too.
Jeremy Falcon
|
Mustafa Ismail Mustafa wrote: How is everyone?
Faarrrkkkk you for forgetting me ya bastard.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
Hahaha, you're probably the only one I'll take an insult from Mick and SMILE about it
Hanging out with Rajesh much these days?
|
Mustafa Ismail Mustafa wrote: Hanging out with Rajesh much these days?
No, the bastard moved to Melbourne.
Michael Martin
Australia
|
Welcome back, Mustafa !
cheers, Bill
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
Ta Bill!
It's old home week here in CP as I see it
|
One of our customers hired some party to do a penetration test of our software throughout the week.
This morning half of our database backups failed.
Then, early afternoon, we got an email from one of the users, the system was pretty slow.
After that came a phone call, system seemed to be slow.
Checked out the server, nothing interesting going on.
Another email and then a phone call, things got slower and slower.
Turned out a DDoS was part of the friggin' penetration test, but only after we white listed their IP address.
Good thing they didn't tell anyone they were doing that.
Anyone here could have told them our server wasn't going to survive a DDoS.
When we found out our firewall was getting a beating, remembered something about a pen test and called those guys, they just yanked out their network cable and all went back to normal.
|
Penetration Test? Are you referring to a wedding night?
Ravings en masse
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
We have a security test once a year. The rule number one: Do not give away nothing... All we give to the company doing the test is the address of the site...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
Yeah, we did at first.
They tested and everything.
Don't know why they needed to be white listed after that.
And I certainly don't know why they would DDoS us after that