From: William Mayor (mail at williammayor.co.uk)
Date: Mon, 3 Jul 2023 13:55:26 +0100
Subject: [python-uk] Pen Testing for SMEs?

Hi!

This isn't exactly on topic, but I'm running out of leads on this one. Any help is appreciated :)

I'm looking for a penetration/security testing company that can help me with a product that we're building. It's an API (written using FastAPI, so there is a python link in here :) ), with web and native app front ends.

I'd like to have some kind of certified test conducted, to find all the security edge cases that I've undoubtedly missed.

We're a small company (a social enterprise), so our budget isn't great.

So my question is, does anyone have any recommendations for a pen testing company that could help?

Thank you!

_______________________________________________
python-uk mailing list
python-uk at python.org
https://mail.python.org/mailman/listinfo/python-uk

From: Gautier Hayoun (ghayoun at gmail.com)
Date: Mon, 3 Jul 2023 14:03:53 +0100
Subject: [python-uk] Pen Testing for SMEs?

Hi William,

I have dealt with Callum at Sencode (https://sencode.co.uk/) recently. They are a small company based in the UK, and I was perfectly satisfied with their pen test of a Django web application.

Best,

Gautier

From: William Mayor (mail at williammayor.co.uk)
Date: Mon, 3 Jul 2023 14:19:53 +0100
Subject: [python-uk] Pen Testing for SMEs?

Thanks Gautier, I've reached out to them :)

From: SW (walker_s at hotmail.co.uk)
Date: Mon, 3 Jul 2023 15:06:27 +0200
Subject: [python-uk] Pen Testing for SMEs?

I can also add https://istormsolutions.co.uk/ - I have a friend who works there, though I've not used their services myself.

Thanks,
S

From: Harry Percival (harry.percival at gmail.com)
Date: Mon, 3 Jul 2023 18:48:08 +0100
Subject: [python-uk] Pen Testing for SMEs?

Have you considered bug bounty programmes? I think we used HackerOne back in the day and got a few actionable fixes out of it, without ever spending too much money.

Iirc we'd pay out like $50 for little things that were arguably not real vulns but just missing best practices (rate limiting password reset requests was an example iirc? Bit worried someone will jump on me saying how insanely important that is lol) - the kinds of things you can find with an automated tool and minimal actual effort from the pentester -- and 10x that (or more? Can't remember. In any case I'm guessing H1 have suggested payouts) for "real" bugs with PoC.

You did have to deal with a bit of spam but overall it was worth it.

Hp

From: William Mayor (mail at williammayor.co.uk)
Date: Tue, 4 Jul 2023 17:17:20 +0100
Subject: [python-uk] Pen Testing for SMEs?

Thanks Harry, that's a really good idea! I'll add that to my list :)

(P.S. Love your book BTW, I give it to all of my juniors :) )

From: Harry Percival (harry.percival at gmail.com)
Date: Tue, 4 Jul 2023 18:12:09 +0100
Subject: [python-uk] Pen Testing for SMEs?

Aw, thanks for the compliment. 3E on the way (if you mean the goat book?)

From: William Mayor (mail at williammayor.co.uk)
Date: Tue, 4 Jul 2023 20:16:50 +0100
Subject: [python-uk] Pen Testing for SMEs?

I do mean the goat book. I'll keep my eyes out for 3e :)
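Harry's example of a cheap "missing best practice" finding, rate limiting password reset requests, is straightforward to add to a FastAPI service like the one William describes. The code below is an added example written for this page, not code from the thread or from Sencode, iStorm or HackerOne: a framework-agnostic sliding-window limiter plus the decision logic a FastAPI dependency would call before sending a reset mail. The limits (10 requests/hour per source IP, 3/hour per account), the addresses, and the in-memory store are constructed assumptions; a real deployment would keep the counters in a shared store such as Redis.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any `window_s` seconds."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window_s = window_s
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._events[key]
        while q and now - q[0] >= self.window_s:  # expire timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PasswordResetService:
    """Decision logic for a 'forgot password' endpoint (constructed example).

    Two independent budgets apply: per source address (one host spraying many
    accounts) and per target account (many hosts hammering one mailbox). The
    202 body is identical whether or not the account exists, so the endpoint
    does not reveal which addresses are registered. In FastAPI, `client_ip`
    would come from `request.client.host` (or the trusted forwarded header
    behind a proxy) and `now` from `time.monotonic()`.
    """

    NEUTRAL_BODY = {"detail": "If that address is registered, a reset link has been sent."}

    def __init__(self, known_accounts, per_ip=(10, 3600.0), per_account=(3, 3600.0)):
        self.known = {a.strip().lower() for a in known_accounts}  # assumed account store
        self.per_ip = SlidingWindowLimiter(*per_ip)
        self.per_account = SlidingWindowLimiter(*per_account)
        self.sent: List[Tuple[str, float]] = []  # stands in for the real mailer

    def request_reset(self, client_ip: str, email: str, now: float) -> Tuple[int, dict]:
        account = email.strip().lower()
        # Both limiters are consulted (and charged) even for unknown accounts,
        # so a denied request looks the same regardless of account existence.
        ip_ok = self.per_ip.allow(client_ip, now)
        acct_ok = self.per_account.allow(account, now)
        if not (ip_ok and acct_ok):
            return 429, {"detail": "Too many reset requests; try again later."}
        if account in self.known:
            self.sent.append((account, now))
        return 202, dict(self.NEUTRAL_BODY)
```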