[python-uk] Pen Testing for SMEs?

William Mayor mail at williammayor.co.uk
Tue Jul 4 12:17:20 EDT 2023


Thanks Harry, that’s a really good idea! I’ll add that to my list :)

(P.S. Love your book, BTW; I give it to all of my juniors :) )

> On 3 Jul 2023, at 18:48, Harry Percival <harry.percival at gmail.com> wrote:
> 
> Have you considered bug bounty programmes? I think we used HackerOne back in the day and got a few actionable fixes out of it, without ever spending too much money.
> 
> IIRC we'd pay out like $50 for little things that were arguably not real vulns but just missing best practices (rate limiting password reset requests was an example, IIRC? Bit worried someone will jump on me saying how insanely important that is lol) - the kinds of things you can find with an automated tool and minimal actual effort from the pentester -- and 10x that (or more? Can't remember. In any case I'm guessing H1 have suggested payouts) for "real" bugs with PoC.
> 
> You did have to deal with a bit of spam but overall it was worth it.
> 
> Hp
> 
> 
> 
> On Mon, 3 Jul 2023, 14:22 SW, <walker_s at hotmail.co.uk <mailto:walker_s at hotmail.co.uk>> wrote:
>> I can also add https://istormsolutions.co.uk/ - I have a friend who 
>> works there, though I've not used their services myself.
>> 
>> Thanks,
>> S
>> 
>> On 03/07/2023 15:03, Gautier Hayoun wrote:
>> > Hi William,
>> >
>> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently. 
>> > They are a small company based in the UK, and I was perfectly 
>> > satisfied with their pen test of a Django web application.
>> >
>> > Best,
>> >
>> > Gautier
>> >
>> > On 03/07/2023 13:55, William Mayor wrote:
>> >> Hi!
>> >>
>> >> This isn’t exactly on topic, but I’m running out of leads on this 
>> >> one. Any help is appreciated :)
>> >>
>> >> I’m looking for a penetration/security testing company that can help 
>> >> me with a product that we’re building. It’s an API (written using 
>> >> FastAPI, so there is a python link in here :) ), with web and native 
>> >> app front ends.
>> >>
>> >> I’d like to have some kind of certified test conducted, to find all 
>> >> the security edge cases that I’ve undoubtedly missed.
>> >>
>> >> We’re a small company (a social enterprise), so our budget isn’t great.
>> >>
>> >> So my question is, does anyone have any recommendations for a pen 
>> >> testing company that could help?
>> >>
>> >> Thank you!
>> >>
>> >>
>> >> _______________________________________________
>> >> python-uk mailing list
>> >> python-uk at python.org <mailto:python-uk at python.org>
>> >> https://mail.python.org/mailman/listinfo/python-uk
>> 
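Harry's example of a cheap finding, missing rate limiting on password reset requests, is also cheap to fix at the API layer. The block below is an added example, not code from anyone in this thread: it assumes a hypothetical password-reset handler on a FastAPI-style API and leaves the framework wiring out so it runs on the standard library alone. It keeps a sliding-window budget per normalised target address (so one victim's inbox cannot be flooded and reset tokens cannot be hammered) and per client IP (so one source cannot spray resets across many accounts), and it applies the limit before the account lookup so that neither a 202 nor a 429 tells the caller whether the account exists.

```python
"""Rate limiting a password-reset endpoint (added example, not from the thread).

Hypothetical handler for a FastAPI-style API; the limiter logic is the point,
the route decorator and request object are left out so this runs stand-alone.
"""
import time
from collections import defaultdict, deque


class ResetRateLimiter:
    """Sliding-window budgets per target account and per client IP."""

    def __init__(self, per_account=3, per_ip=10, window_seconds=3600,
                 clock=time.monotonic):
        self.per_account = per_account
        self.per_ip = per_ip
        self.window = window_seconds
        self.clock = clock            # injectable so tests can move time
        self._by_account = defaultdict(deque)
        self._by_ip = defaultdict(deque)

    def _prune(self, hits, now):
        # Forget timestamps that have fallen out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()

    def allow(self, email, client_ip):
        """Return True and record the hit if both budgets have room."""
        now = self.clock()
        # Normalise so Alice@Example.org and alice@example.org share a budget.
        account_key = email.strip().lower()
        acct_hits = self._by_account[account_key]
        ip_hits = self._by_ip[client_ip]
        self._prune(acct_hits, now)
        self._prune(ip_hits, now)
        if len(acct_hits) >= self.per_account or len(ip_hits) >= self.per_ip:
            return False
        acct_hits.append(now)
        ip_hits.append(now)
        return True


def password_reset(limiter, email, client_ip, accounts, outbox):
    """Handle one reset request and return the HTTP status to answer with.

    The limiter runs before the account lookup and counts unknown addresses
    too, so the throttle cannot be used as an account-existence oracle.
    `accounts` is the set of registered addresses; `outbox` stands in for
    the mail sender (both constructed for the example).
    """
    if not limiter.allow(email, client_ip):
        return 429
    if email.strip().lower() in accounts:
        outbox.append(email.strip().lower())   # real code would send the token here
    return 202                                  # same answer whether or not it exists


def demo():
    """Drive the handler with a fake clock and constructed data."""
    now = [0.0]
    limiter = ResetRateLimiter(per_account=3, per_ip=5, window_seconds=3600,
                               clock=lambda: now[0])
    accounts = {"alice@example.org"}          # constructed sample account
    outbox = []
    results = {}
    # Known account: three requests go through, the fourth is throttled,
    # and case/whitespace variants of the address share one budget.
    results["known"] = [
        password_reset(limiter, e, "203.0.113.7", accounts, outbox)
        for e in ("alice@example.org", "Alice@Example.org",
                  " alice@example.org ", "alice@example.org")]
    # Unknown account: identical status pattern, nothing sent.
    results["unknown"] = [
        password_reset(limiter, "nobody@example.org", "203.0.113.8", accounts, outbox)
        for _ in range(4)]
    # One IP spraying many addresses is cut off by the per-IP budget.
    results["spray"] = [
        password_reset(limiter, f"user{i}@example.org", "198.51.100.1", accounts, outbox)
        for i in range(6)]
    # Once the window has elapsed the budget is restored.
    now[0] += 3600
    results["after_window"] = password_reset(
        limiter, "alice@example.org", "203.0.113.7", accounts, outbox)
    results["emails_sent"] = len(outbox)
    return results


if __name__ == "__main__":
    print(demo())
```

Wiring this into FastAPI is a matter of instantiating one `ResetRateLimiter` at module load, calling `limiter.allow(body.email, request.client.host)` at the top of the route and raising `HTTPException(status_code=429)` when it returns False. The per-IP budget is only as good as the client address you feed it: behind a load balancer `request.client.host` is the proxy, so take the address from the forwarded header your proxy sets and from nowhere else, or the per-IP limit is bypassed by setting that header.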
