More information about the Underscore mailing list

[_] Pen-testing

Andy Davies dajdavies at gmail.com
Fri Aug 5 14:26:25 BST 2016

Yes, our security team (NCC) don't just do pen testing but do code audits,
both web and native, application, OS level etc.



On 5 August 2016 at 10:00, Craig Francis <craig at craigfrancis.co.uk> wrote:

> Out of interest, has anyone had a test which involved the testers looking
> at the source code?
>
> It seems that all my testers just used an automated tool, with one
> exception who did a quick manual check as well (as in, they opened Chrome
> Dev Tools to double check the CSRF validation).
>
> Craig
>
>
>
>
>
> > On 5 Aug 2016, at 09:09, Alex Martin <alex at wearehalo.co.uk> wrote:
> >
> > Thanks Peter, will give them a shout.
> >
> > Alex
> >
> >
> >
> >>
> >>> Can anyone recommend companies to carry out independent pen-testing on
> our sites/environments? Usually fairly standard LAMP stuff (lots of
> Drupal). Have successfully used Nettitude in the past, but would be good to
> know some other providers.
> >>
> >> Think this lot were used by our clients to check over some e-commerce
> sites we'd done: https://www.nccgroup.trust/uk/
> >>
> >>
> >> Peter Marshall
> >>
> >
> > --
> > underscore_ list info/archive -> http://www.under-score.org.uk/
> mailman/listinfo/underscore
>
> --
> underscore_ list info/archive -> http://www.under-score.org.uk/
> mailman/listinfo/underscore
>