Choosing A Penetration Test Partner


Some considerations when choosing a security auditing partner to help perform penetration tests.

  1. How To Choose A Penetration Testing Partner
     • Trust is a major component of the equation.
       • Do you have overall confidence in the firm?
     • Ask two questions of every vendor:
       • Can I see your testing methodology?
       • Can I see a list of the tools you will use?
     • Make sure you know what you’re getting.
       • Are you asking for a vulnerability assessment, risk assessment or a penetration test?
  2. How To Choose A Penetration Testing Partner
     • Ask about certifications, supporting personnel and subject-matter experts.
       • Look for both general and specific knowledge in a wide variety of technology areas.
       • How many tests has the company performed?
       • How many vertical markets?
       • What geographic areas are covered?
       • Does the company subcontract any work?
  3. How To Choose A Penetration Testing Partner
     • Ask about deliverables!
       • Will the report include directions for fixing problems?
       • Will the report stand on its own, providing all knowledge for full remediation?
       • Does the documentation include tool output for independent verification?
       • Is the report full of boilerplate text?
  4. Next Steps
     • Check References
     • Review the testing methodology
     • Review the list of tools used
     • Decide on exactly what type of testing you need
     • Ask for a scope of work with fixed pricing