Need recommendation for security audit
I've built a website for my client. It's got https, encrypted passwords in the database, etc etc etc. But the client (rightly so) has requested a security audit in advance of presenting this to his Board of Directors.

I'm not afraid to have my work get scanned/picked apart. I might even learn something along the way.

PCI is not an issue.

Who are the reputable players in this space? What's an average cost and timeframe likely to be to completion?
-Mike

@MikeVitale42

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
a few
Nessus has a 7-day free trial and does web; it's what big players use
http://www.tenable.com/products/nessus/evaluate
Open source:
also http://w3af.org/
http://www.openvas.org/about.html
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
Thanks. I'll take a look.
-Mike

also, is the database encrypted? data at rest should be encrypted
Re: also, is the database encrypted? data at rest should be encrypted
What data do you think needs to be encrypted in the database? In addition to there not being any PCI concerns, there also are not any HIPAA concerns.
-Mike

just usual paranoia :-)
SAS70? ACH?
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
     Need recommendation for security audit - (mvitale) - (6)
         a few - (boxley) - (1)
             Thanks. I'll take a look. -NT - (mvitale)
         also, is the database encrypted? data at rest should be encrypted -NT - (boxley) - (3)
             Re: also, is the database encrypted? data at rest should be encrypted - (mvitale) - (2)
                 just usual paranoia :-) -NT - (boxley)
                 SAS70? ACH? -NT - (folkert)
