[python-uk] Pen Testing for SMEs?

Harry Percival harry.percival at gmail.com
Tue Jul 4 13:12:09 EDT 2023


Aw, thanks for the compliment. 3E on the way (if you mean the goat book?)

On Tue, 4 Jul 2023 at 17:17, William Mayor <mail at williammayor.co.uk> wrote:

> Thanks Harry, that’s a really good idea! I’ll add that to my list :)
>
> (P.S. Love your book BTW I give it to all of my juniors :) )
>
> On 3 Jul 2023, at 18:48, Harry Percival <harry.percival at gmail.com> wrote:
>
> Have you considered bug bounty programmes? I think we used HackerOne back
> in the day and got a few actionable fixes out of it, without ever spending
> too much money.
>
> Iirc we'd pay out like $50 for little things that were arguably not real
> vulns but just missing best practices (rate limiting password reset
> requests was an example iirc? Bit worried someone will jump on me saying
> how insanely important that is lol) - the kinds of things you can find with
> an automated tool and minimal actual effort from the pentester -- and 10x
> that (or more? Can't remember. In any case I'm guessing H1 have suggested
> payouts) for "real" bugs with PoC.
>
> You did have to deal with a bit of spam but overall it was worth it.
>
> Hp
>
>
>
> On Mon, 3 Jul 2023, 14:22 SW, <walker_s at hotmail.co.uk> wrote:
>
>> I can also add https://istormsolutions.co.uk/ - I have a friend who
>> works there, though I've not used their services myself.
>>
>> Thanks,
>> S
>>
>> On 03/07/2023 15:03, Gautier Hayoun wrote:
>> > Hi William,
>> >
>> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently.
>> > They are a small company based in the UK, and I was perfectly
>> > satisfied with their pen test of a Django web application.
>> >
>> > Best,
>> >
>> > Gautier
>> >
>> > On 03/07/2023 13:55, William Mayor wrote:
>> >> Hi!
>> >>
>> >> This isn’t exactly on topic, but I’m running out of leads on this
>> >> one. Any help is appreciated :)
>> >>
>> >> I’m looking for a penetration/security testing company that can help
>> >> me with a product that we’re building. It’s an API (written using
>> >> FastAPI, so there is a python link in here :) ), with web and native
>> >> app front ends.
>> >>
>> >> I’d like to have some kind of certified test conducted, to find all
>> >> the security edge cases that I’ve undoubtedly missed.
>> >>
>> >> We’re a small company (a social enterprise), so our budget isn’t great.
>> >>
>> >> So my question is, does anyone have any recommendations for a pen
>> >> testing company that could help?
>> >>
>> >> Thank you!
>> >>
>> >>
>> >> _______________________________________________
>> >> python-uk mailing list
>> >> python-uk at python.org
>> >> https://mail.python.org/mailman/listinfo/python-uk