
Choosing A Penetration Test Partner


Some considerations when choosing a security auditing partner to help perform penetration tests.


  1. How To Choose A Penetration Testing Partner
     • Trust is a major component of the equation.
       • Do you have overall confidence in the firm?
     • Ask two questions of every vendor:
       • Can I see your testing methodology?
       • Can I see a list of the tools you will use?
     • Make sure you know what you’re getting.
       • Are you asking for a vulnerability assessment, risk assessment or a penetration test?
  2. How To Choose A Penetration Testing Partner
     • Ask about certifications, supporting personnel, subject-matter experts.
       • Look for both general and specific knowledge in a wide variety of technology areas.
       • How many tests has the company performed?
       • How many vertical markets?
       • What geographic areas are covered?
       • Does the company subcontract any work?
  3. How To Choose A Penetration Testing Partner
     • Ask about deliverables!
       • Will the report include directions for fixing problems?
       • Will the report stand on its own, providing all knowledge for full remediation?
       • Does the documentation include tool output for independent verification?
       • Is the report full of boilerplate text?
  4. Next Steps
     • Check References
     • Review the testing methodology
     • Review the list of tools used
     • Decide on exactly what type of testing you need
     • Ask for a scope of work with fixed pricing
