Penetration Testing - Assistance

Penetration Testing - Looking for an affordable solution to do web site pen testing without it costing us £1000(s) expenditure.

There are many pen testing companies out there; however, I am looking for a cost-effective solution which will cater for doing the job.

Any suggestions?
introlux Asked:

Robert, System Admin, Commented:
There are tools out there like the Metasploit Framework and several open source pen testing software packages if you are up to doing the testing yourself.

That said, yes, there are a lot of companies that will do the testing for you. A general rule of thumb is you typically get what you pay for.
If you go with the cheapest company you will probably get someone who just runs the general open source tools against your environment and reports back the basic info.
If you hire one of the more expensive companies you will likely get a test run against your environment with their in-house built pen testing tool with a full report of vulnerabilities at the end.

As for testing company recommendations, you would need to provide the experts on the forum with a list of the types of tests etc. for them to give a good recommendation.
However, a quick Google will likely get you a similar result.
masnrock Commented:
If you're looking for outside help, then I recommend creating a Gig so that you can get some bids.

Given that you don't have someone inside who could do the work, I would surely implore you to hire outside assistance. Even the cost you're trying to avoid now is considerably less than the cost of cleanup resulting from a poorly done pen test. What isn't helping your cause is the fact you haven't mentioned what your budget is. For example, if you felt that £2000 was too expensive, you probably need to revise your numbers. There are various vendors you could look at, large and smaller. One of the biggest things is the exact scope of work and so on.

If you have someone on the inside who knew what they were doing, then I would look at Metasploit or Kali Linux, which is really a bundle of tools in one package.
masnrock Commented:
This is more appropriately left for author comment. All posted comments are valid, and a best one really cannot be declared without further input.
Uladzislau Murashka, Senior Security Engineer, Commented:
Hi,
I can help you with pentesting or vulnerability assessment, and can provide services with tools like IBM AppScan, Acunetix, Nessus and manual testing with Burp Suite if required for a web app; otherwise, if you need an infrastructure pentest, I can do it with Nessus, Nmap, Metasploit and some other tools.