

Paying someone to try and discover security vulnerabilities in your script?




Posted by LanceTan, 02-16-2011, 09:15 AM
Any reputable companies out there that will try and discover security vulnerabilities in your scripts?

Posted by razzezz, 02-16-2011, 09:16 AM
http://www.platinumservermanagement.com/ have been recommended many times on the forum for server management and security.

Posted by LanceTan, 02-16-2011, 09:28 AM
I more want to test out a particular script rather than a server to test for vulnerabilities in that script.

Posted by Jay H, 02-16-2011, 06:07 PM
It sounds like you are wanting a source code audit, which would provide you a security assessment. Try searching Google for "source code audit". You'll find a list of a lot of firms that do this, but it usually doesn't come cheap.

Posted by Patrick, 02-17-2011, 12:35 AM
As someone who finds security vulnerabilities in web applications, including some well-known control panels, billing software and client management platforms used in the web hosting industry... I think your best bet would be to simply post a copy of your script and ask people to have a whack at it. Post it to the Full Disclosure Security Mailing List, post it here on WHT, and invite people to give it everything they have - that's assuming you want to let random people take a stab at it. You'll find that source auditing companies can and will miss some things, and one pen-test company might not find something while another will... a lot of security testing is subjective on the person conducting the test. When I personally pen-test web applications, I follow a standard procedure to begin with, but a lot of my flaws were found by just trying things outside of the box / random crap that came to me on the drive home or in the shower. It's all in the mindset, and that's why I'm a bit skeptical of companies who do these things. I'm more of a fan of "crowd sourcing" where anyone and everyone can try to find security flaws. :] (Disclaimer, I don't have time to do any pen-testing.)


