Portal Home > Knowledgebase > Articles Database > Paying someone to try and discover security vulnerabilities in your script?


Paying someone to try and discover security vulnerabilities in your script?




Posted by LanceTan, 02-16-2011, 09:15 AM
Any reputable companies out there that will try and discover security vulnerabilities in your scripts?

Posted by razzezz, 02-16-2011, 09:16 AM
http://www.platinumservermanagement.com/ have been recommended many times on the forum for server management and security.

Posted by LanceTan, 02-16-2011, 09:28 AM
I more want to test out a particular script rather than a server to test for vulnerabilities in that script.

Posted by Jay H, 02-16-2011, 06:07 PM
It sounds like you are wanting a source code audit, which would provide you a security assessment. Try searching Google for "source code audit". You'll find a list of a lot of firms that do this, but it usually doesn't come cheap.

Posted by Patrick, 02-17-2011, 12:35 AM
As someone who finds security vulnerabilities in web applications including some well known control panels, billing software and client management platforms used in the web hosting industry... I think your best bet would be to simply post a copy of your script and ask people to have a whack at it. Post it to the Full Disclosure Security Mailing List, post it here on WHT, and invite people to give it everything they have - that's assuming you want to let random people take a stab at it. You'll find that source auditing companies can and will miss over some things and one pen-test company might not find something while another will... a lot of security testing is subjective on the person conducting the test. When I personally pen-test web applications, I follow a standard procedure to begin with but a lot of my flaws were found by just trying things outside of the box / random crap that came to me on the drive home or in the shower, it's all in the mindset and that's why I'm a bit skeptical of companies who do these things. I'm more of a fan of "crowd sourcing" where anyone and everyone can try to find security flaws. :] (Disclaimer, I don't have time to do any pen-testing.)



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Order Form (Views: 388)
shoutcast reseller (Views: 394)