[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: whitehat to test a security config



In article <[🔎] 5c69840f54112c46968c22cfc3d3d632@turingstudio.com> you wrote:
> I'm looking for (preferably) a company, or individual, to attempt to 
> breach a standard config I have created to deploy client applications 
> in production. It is intentionally a minimal config which is tightly 
> locked down and audited daily.

I think it is very bad efficiency to do black-box testing. Because it
requires a very good attacker and much time to find a problem. And if you
dont find one, you can't be shure you are secure. It is much better to let
the external auditor verify your configuration. Give them access to all
config files and documentation, your risk matrix etc. This is much cheaper
and much more sucessfull.

Gruss
Bernd



Reply to: