[Owasp-dallas] OWASP-Dallas Digest, Vol 37, Issue 1

Matt Parsons mparsons1980 at gmail.com
Sat Oct 1 17:13:52 EDT 2011


I can do the job.  I will even do the automated portion of the assessment for free.  I only charge for manual exploitation and remediation assistance.   Check out my blog for some of my work, references and a sample report.  Http://www.parsonsisconsultingblog.com 

Thank you, 
Matt Parsons 

Sent from my iPhone

On Oct 1, 2011, at 11:00 AM, owasp-dallas-request at lists.owasp.org wrote:

> Send OWASP-Dallas mailing list submissions to
>    owasp-dallas at lists.owasp.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.owasp.org/mailman/listinfo/owasp-dallas
> or, via email, send a message with subject or body 'help' to
>    owasp-dallas-request at lists.owasp.org
> 
> You can reach the person managing the list at
>    owasp-dallas-owner at lists.owasp.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Dallas digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Penetration testing (Shaun Zinck)
>   2. Re: Penetration testing (Mike.McGilvray at Foundstone.com)
>   3. Re: Penetration testing (Tim Shelton)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 30 Sep 2011 16:37:12 -0500
> From: Shaun Zinck <shaun.zinck at gmail.com>
> Subject: Re: [Owasp-dallas] Penetration testing
> To: wayne at photographic.org
> Cc: owasp-dallas <owasp-dallas at lists.owasp.org>
> Message-ID:
>    <CAOcMyDNHfhBmtcTYY13PT+yNJQnEc7bg=d99Ms-xs7q8O0pNvg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi Wayne
> 
> The company I work for is also looking for a provider who can do a security
> assessment of 1 or 2 of our external facing web applications.  In your
> search, did you find any companies worth mentioning, or does anyone else on
> the list have other suggestions that haven't been mentioned before? (I will
> look at the previously mentioned companies - just didn't know if anything
> new has popped up)
> 
> Our needs are for a vulnerability scan/security assessment of one or two
> production web applications, so not destructive penetration tests.  Also, we
> won't be able to give access to our source code.
> 
> Thanks
> Shaun Zinck
> 
> 
> On Thu, Jun 23, 2011 at 10:26 AM, Wayne <waynegs at gmail.com> wrote:
> 
>> Just wondering if there is a company/person out there someone could
>> recommend for a penetration test.  In the past we have hired some that just
>> run Nessus and call it a day.
>> 
>> I would love to find one that puts a little more effort into the testing.
>> 
>> Thanks,
>> 
>> Wayne
>> _______________________________________________
>> OWASP-Dallas mailing list
>> OWASP-Dallas at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-dallas
>> 
>> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.owasp.org/pipermail/owasp-dallas/attachments/20110930/311e48c3/attachment-0001.html 
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 30 Sep 2011 16:58:14 -0500
> From: <Mike.McGilvray at Foundstone.com>
> Subject: Re: [Owasp-dallas] Penetration testing
> To: <shaun.zinck at gmail.com>, <wayne at photographic.org>
> Cc: owasp-dallas at lists.owasp.org
> Message-ID:
>    <09219A0018F77840A14617AF91BEA3393ADB3FD7F7 at AMERDALEXMB1.corp.nai.org>
> Content-Type: text/plain; charset="us-ascii"
> 
> Shaun / Wayne,
> 
> I'd be happy to put you guys in touch with one of our Foundstone sales reps who can get you each a quote. OWASP was started by a former Foundstone employee named Mark Curphey and I can promise you we won't just be running Nessus & Nikto. Let me know if I can be of further assistance.
> 
> Thanks,
> 
> Mike McGilvray
> 972.837.3049 (Mobile)
> 
> From: owasp-dallas-bounces at lists.owasp.org [mailto:owasp-dallas-bounces at lists.owasp.org] On Behalf Of Shaun Zinck
> Sent: Friday, September 30, 2011 4:37 PM
> To: wayne at photographic.org
> Cc: owasp-dallas
> Subject: Re: [Owasp-dallas] Penetration testing
> 
> Hi Wayne
> 
> The company I work for is also looking for a provider who can do a security assessment of 1 or 2 of our external facing web applications.  In your search, did you find any companies worth mentioning, or does anyone else on the list have other suggestions that haven't been mentioned before? (I will look at the previously mentioned companies - just didn't know if anything new has popped up)
> 
> Our needs are for a vulnerability scan/security assessment of one or two production web applications, so not destructive penetration tests.  Also, we won't be able to give access to our source code.
> 
> Thanks
> Shaun Zinck
> 
> On Thu, Jun 23, 2011 at 10:26 AM, Wayne <waynegs at gmail.com<mailto:waynegs at gmail.com>> wrote:
> Just wondering if there is a company/person out there someone could recommend for a penetration test.  In the past we have hired some that just run Nessus and call it a day.
> 
> I would love to find one that puts a little more effort into the testing.
> 
> Thanks,
> 
> Wayne
> _______________________________________________
> OWASP-Dallas mailing list
> OWASP-Dallas at lists.owasp.org<mailto:OWASP-Dallas at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-dallas
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.owasp.org/pipermail/owasp-dallas/attachments/20110930/2e139ebe/attachment-0001.html 
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 30 Sep 2011 17:54:43 -0500
> From: Tim Shelton <tshelton at hawkdefense.com>
> Subject: Re: [Owasp-dallas] Penetration testing
> To: Shaun Zinck <shaun.zinck at gmail.com>
> Cc: "wayne at photographic.org" <wayne at photographic.org>,    owasp-dallas
>    <owasp-dallas at lists.owasp.org>
> Message-ID: <17E824FA-2301-4205-A8CF-3C46C83BFC4C at hawkdefense.com>
> Content-Type: text/plain; charset="us-ascii"
> 
> Call me and I can quote you. It'll be around $5k-6k for 2 webapps assessments @ 40hrs of work. FYI 
> 
> Tim. 214.662.9801
> 
> 
> On Sep 30, 2011, at 4:37 PM, Shaun Zinck <shaun.zinck at gmail.com> wrote:
> 
>> Hi Wayne
>> 
>> The company I work for is also looking for a provider who can do a security assessment of 1 or 2 of our external facing web applications.  In your search, did you find any companies worth mentioning, or does anyone else on the list have other suggestions that haven't been mentioned before? (I will look at the previously mentioned companies - just didn't know if anything new has popped up)
>> 
>> Our needs are for a vulnerability scan/security assessment of one or two production web applications, so not destructive penetration tests.  Also, we won't be able to give access to our source code.
>> 
>> Thanks
>> Shaun Zinck
>> 
>> 
>> On Thu, Jun 23, 2011 at 10:26 AM, Wayne <waynegs at gmail.com> wrote:
>> Just wondering if there is a company/person out there someone could recommend for a penetration test.  In the past we have hired some that just run Nessus and call it a day.
>> 
>> I would love to find one that puts a little more effort into the testing.
>> 
>> Thanks,
>> 
>> Wayne 
>> _______________________________________________
>> OWASP-Dallas mailing list
>> OWASP-Dallas at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-dallas
>> 
>> 
>> _______________________________________________
>> OWASP-Dallas mailing list
>> OWASP-Dallas at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-dallas
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.owasp.org/pipermail/owasp-dallas/attachments/20110930/10ea1c19/attachment-0001.html 
> 
> ------------------------------
> 
> _______________________________________________
> OWASP-Dallas mailing list
> OWASP-Dallas at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-dallas
> 
> 
> End of OWASP-Dallas Digest, Vol 37, Issue 1
> *******************************************


More information about the OWASP-Dallas mailing list