Paying someone to try and discover security vulnerabilities in your script?
|Posted by LanceTan, 02-16-2011, 09:15 AM|
|Any reputable companies out there that will try and discover security vulnerabilities in your scripts?
|Posted by razzezz, 02-16-2011, 09:16 AM|
|http://www.platinumservermanagement.com/ have been recommended many times on the forum for server management and security.
|Posted by LanceTan, 02-16-2011, 09:28 AM|
|I more want to test out a particular script rather than a server to test for vulnerabilities in that script.
|Posted by Jay H, 02-16-2011, 06:07 PM|
|It sounds like you are wanting a source code audit, which would provide you a security assessment. Try searching Google for "source code audit". You'll find a list of a lot of firms that do this, but it usually doesn't come cheap.
|Posted by Patrick, 02-17-2011, 12:35 AM|
|As someone who finds security vulnerabilities in web applications including some well known control panels, billing software and client management platforms used in the web hosting industry... I think your best bet would be to simply post a copy of your script and ask people to have a whack at it. Post it to the Full Disclosure Security Mailing List, post it here on WHT, and invite people to give it everything they have - that's assuming you want to let random people take a stab at it.
You'll find that source auditing companies can and will miss over some things and one pen-test company might not find something while another will... a lot of security testing is subjective on the person conducting the test. When I personally pen-test web applications, I follow a standard procedure to begin with but a lot of my flaws were found by just trying things outside of the box / random crap that came to me on the drive home or in the shower, it's all in the mindset and that's why I'm a bit skeptical of companies who do these things. I'm more of a fan of "crowd sourcing" where anyone and everyone can try to find security flaws. :]
(Disclaimer, I don't have time to do any pen-testing.)