Date: Fri, 14 Dec 2007 16:55:30 -0500
From: "SecReview" <secreview@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>,<slash.pd@...il.com>
Subject: Re: [Professional IT Security Providers - Exposed] Denim Group ( A - )

Peter,
   Simple, they are a good company and they got a good review. We're not in the business of bashing anyone, just in the business of being honest. We'll leave the bashing up to the wannabe infosec teenagers. ;)

On Fri, 14 Dec 2007 16:48:59 -0500 Peter Dawson <slash.pd@...il.com> wrote:
>woots with da pimping post  ?
>
>On Dec 14, 2007 3:49 PM, secreview <secreview@...hmail.com> wrote:
>
>> The Denim Group <http://www.denimgroup.com/service.html> located at http://www.denimgroup.com is a Security Services Provider <http://www.denimgroup.com/service.html> that focuses strictly on Web Application Security Services <http://www.denimgroup.com/service.html>. We asked them why they chose the name Denim Group <http://www.denimgroup.com/service.html> and they said that it was a marketing idea that enables them to stand out from the rest of the providers. (The name was actually thought up by a founder's X wife.) As it turns out, it was a good idea and it works! When we think Denim Group <http://www.denimgroup.com/service.html> the first thing that comes to mind is Clothing, and what the hell does that have to do with Application Security? Can't forget the name and the total lack of correlation.
>>
>> Aside from the name, we are actually pleased with what we found when we reviewed the Denim Group <http://www.denimgroup.com/service.html>. When we spoke with John Dickson we learned a lot about their methodology. We learned that the Denim Group <http://www.denimgroup.com/service.html> does use automated tools such as WebInspect to perform preliminary scans against target applications. They also use tools like Fortify to perform source code reviews. That being said, automation only covers about 20% of the workload for the services that they deliver.
>>
>> The remaining 80% of the workload is done by high talent Web Application Security Specialists that truly understand how to harden a Web Application. They not only look for the common issues like Cross Site Scripting (No Sacure, it's not called Cross-Site Shipping), Cross Site Request Forgery, Remote File Inclusion, etc. but they also look for logic issues and other types of design flaws.
>>
>> The Denim Group <http://www.denimgroup.com/service.html> does use tools to help them perform their manual testing, as do most worthy security providers. The tools that they use are special interception proxies that enable them to view and manipulate conversations between client and server, amongst other similar manually intensive tools. This enables the Denim Group <http://www.denimgroup.com> to truly impact the quality of their deliverables with strong manual testing.
>>
>> All in all, if you are looking for a provider to perform Web Application Security type services, we think that the Denim Group <http://www.denimgroup.com/service.html> is a great fit. If you are looking for a full service Professional Security Services shop, well you'll probably have to look somewhere else because they do not offer Network Penetration Testing Services, Vulnerability Assessments, etc. That being said, we were so impressed with the Denim Group <http://www.denimgroup.com/service.html> and the caliber of their service offerings that we decided to give them an A-. The only reason why they didn't get an A or an A+ is because they are technically not a full service shop. So, we recommend using the Denim Group <http://www.denimgroup.com/>, they kick ass!
>>
>> If you'd like to comment on this, please visit http://secreview.blogspot.com and post a comment. If you feel that this post is inaccurate, please let us know why and we'll consider your opinion for a review. Thanks for reading!
>>
>> --
>> Posted By secreview to Professional IT Security Providers - Exposed <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007 12:13:00 PM
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
Regards, 
      The Secreview Team
      http://secreview.blogspot.com
      Professional IT Security Service Providers - Exposed
