[python-uk] Pen Testing for SMEs?
Harry Percival
harry.percival at gmail.com
Mon Jul 3 13:48:08 EDT 2023
Have you considered bug bounty programmes? I think we used HackerOne back
in the day and got a few actionable fixes out of it, without ever spending
too much money.
Iirc we'd pay out like $50 for little things that were arguably not real
vulns but just missing best practices (rate limiting password reset
requests was an example iirc? Bit worried someone will jump on me saying
how insanely important that is lol) - the kinds of things you can find with
an automated tool and minimal actual effort from the pentester -- and 10x
that (or more? Can't remember. In any case I'm guessing H1 have suggested
payouts) for "real" bugs with PoC.
You did have to deal with a bit of spam but overall it was worth it.
Hp
On Mon, 3 Jul 2023, 14:22 SW, <walker_s at hotmail.co.uk> wrote:
> I can also add https://istormsolutions.co.uk/ - I have a friend who
> works there, though I've not used their services myself.
>
> Thanks,
> S
>
> On 03/07/2023 15:03, Gautier Hayoun wrote:
> > Hi William,
> >
> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently.
> > They are a small company based in the UK, and I was perfectly
> > satisfied with their pen test of a Django web application.
> >
> > Best,
> >
> > Gautier
> >
> > On 03/07/2023 13:55, William Mayor wrote:
> >> Hi!
> >>
> >> This isn’t exactly on topic, but I’m running out of leads on this
> >> one. Any help is appreciated :)
> >>
> >> I’m looking for a penetration/security testing company that can help
> >> me with a product that we’re building. It’s an API (written using
> >> FastAPI, so there is a python link in here :) ), with web and native
> >> app front ends.
> >>
> >> I’d like to have some kind of certified test conducted, to find all
> >> the security edge cases that I’ve undoubtably missed.
> >>
> >> We’re a small company (a social enterprise), so our budget isn’t great.
> >>
> >> So my question is, does anyone have any recommendations for a pen
> >> testing company that could help?
> >>
> >> Thank you!
> >>
> >>
> >> _______________________________________________
> >> python-uk mailing list
> >> python-uk at python.org
> >> https://mail.python.org/mailman/listinfo/python-uk