Re: whitehat to test a security config
In article <[🔎] 5c69840f54112c46968c22cfc3d3d632@turingstudio.com> you wrote:
> I'm looking for (preferably) a company, or individual, to attempt to
> breach a standard config I have created to deploy client applications
> in production. It is intentionally a minimal config which is tightly
> locked down and audited daily.
I think it is very bad efficiency to do black-box testing. Because it
requires a very good attacker and much time to find a problem. And if you
dont find one, you can't be shure you are secure. It is much better to let
the external auditor verify your configuration. Give them access to all
config files and documentation, your risk matrix etc. This is much cheaper
and much more sucessfull.
Gruss
Bernd
Reply to: