introlux
asked on
Penetration Testing - Assistance
Penetration Testing - Looking for an affordable solution to do web site pen testing without it costing us £1000(s) expenditure.
There are many pen testing companies out there however I am looking for a cost effective solution which will cater for doing the job.
Any suggestions?
There are many pen testing companies out there however I am looking for a cost effective solution which will cater for doing the job.
Any suggestions?
If you're looking for outside help, then I recommend creating a Gig so that you can get some bids.
Given that you don't have someone inside who could do the work, I would surely implore you to hire outside assistance. Even the cost you're trying to avoid now is considerably less than the cost of cleanup resulting from a poorly done pen test. What isn't helping your cause is the fact you haven't mentioned what your budget is. For example, if you felt that £2000 was too expensive, you're probably need to revise your numbers. There are various vendors you could look at, large and smaller. One of the biggest things is the exact scope of work and so on.
If you have someone on the inside who knew what they were doing, then I would look at Metasploit or Kali Linux, which is really a bundle of tools in one package.
Given that you don't have someone inside who could do the work, I would surely implore you to hire outside assistance. Even the cost you're trying to avoid now is considerably less than the cost of cleanup resulting from a poorly done pen test. What isn't helping your cause is the fact you haven't mentioned what your budget is. For example, if you felt that £2000 was too expensive, you're probably need to revise your numbers. There are various vendors you could look at, large and smaller. One of the biggest things is the exact scope of work and so on.
If you have someone on the inside who knew what they were doing, then I would look at Metasploit or Kali Linux, which is really a bundle of tools in one package.
This is more appropriately left for author comment. All posted comments are valid, and a best one really cannot be declared without further input.
Hi,
I can help you with pentesting or vulnerability assessment, can provide services with such tools like IBM AppScan, Acunetix, Nessus and manual testing with BurpSuite - if required for web app, otherwise if you need infrastructure pentest, can do with Nessus, nmap, metasploit and some other tools.
I can help you with pentesting or vulnerability assessment, can provide services with such tools like IBM AppScan, Acunetix, Nessus and manual testing with BurpSuite - if required for web app, otherwise if you need infrastructure pentest, can do with Nessus, nmap, metasploit and some other tools.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
That said yes there are a lot of companies that will do the testing for you. A general rule of thumb is you typically get what you pay for.
if you go with the cheapest company you will probably get someone who just runs the general open source tools against your environment and report back the basic info.
If you hire one of the more expensive companies you will likely get a test run against your environment with their in-house built pen testing tool with a full report of vulnerabilities at the end.
As for testing company recommendations you would need to provide the experts on the forum with a list of the types of test ect for them to give a good recommendation.
However a quick google will likely get you a similar result.