Choosing A Penetration Test Partner
Some considerations when choosing a security auditing partner to help perform penetration tests.

Transcript

  • 1. How To Choose A Penetration Testing Partner
      • Trust is a major component of the equation.
          • Do you have overall confidence in the firm?
      • Ask two questions of every vendor:
          • Can I see your testing methodology?
          • Can I see a list of the tools you will use?
      • Make sure you know what you’re getting.
          • Are you asking for a vulnerability assessment, risk assessment or a penetration test?
  • 2. How To Choose A Penetration Testing Partner
      • Ask about certifications, supporting personnel, subject-matter experts.
          • Look for both general and specific knowledge in a wide variety of technology areas.
          • How many tests has the company performed?
          • How many vertical markets?
          • What geographic areas are covered?
          • Does the company subcontract any work?
  • 3. How To Choose A Penetration Testing Partner
      • Ask about deliverables!
          • Will the report include directions for fixing problems?
          • Will the report stand on its own, providing all knowledge for full remediation?
          • Does the documentation include tool output for independent verification?
          • Is the report full of boilerplate text?
  • 4. Next Steps
      • Check References
      • Review the testing methodology
      • Review the list of tools used
      • Decide on exactly what type of testing you need
      • Ask for a scope of work with fixed pricing
