Date: Fri, 14 Dec 2007 16:55:30 -0500
From: "SecReview" <secreview@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>,<slash.pd@...il.com>
Subject: Re: [Professional IT Security Providers - Exposed] Denim Group ( A - )

Peter,

Simple, they are a good company and they got a good review. We're not in the business of bashing anyone, just in the business of being honest. We'll leave the bashing up to the wannabe infosec teenagers. ;)

On Fri, 14 Dec 2007 16:48:59 -0500 Peter Dawson <slash.pd@...il.com> wrote:
>woots with da pimping post ?
>
>On Dec 14, 2007 3:49 PM, secreview <secreview@...hmail.com> wrote:
>
>> The Denim Group <http://www.denimgroup.com/service.html> located at
>> http://www.denimgroup.com is a Security Services
>> <http://www.denimgroup.com/service.html> Provider that focuses strictly
>> on Web Application Security Services
>> <http://www.denimgroup.com/service.html>. We asked them why they chose
>> the name Denim Group <http://www.denimgroup.com/service.html> and they
>> said that it was a marketing idea that enables them to stand out from
>> the rest of the providers. (the name was actually thought up by a
>> founder's X wife) As it turns out, it was a good idea and it works!
>> When we think Denim Group <http://www.denimgroup.com/service.html> the
>> first thing that comes to mind is Clothing and what the hell does that
>> have to do with Application Security? Can't forget the name and the
>> total lack of correlation.
>>
>> Aside from the name, we are actually pleased with what we found when we
>> reviewed the Denim Group <http://www.denimgroup.com/service.html>. When
>> we spoke with John Dickson we learned a lot about their methodology. We
>> learned that the Denim Group <http://www.denimgroup.com/service.html>
>> does use automated tools such as WebInspect to perform preliminary
>> scans against target applications. They also use tools like Fortify to
>> perform source code reviews. That being said, automation only covers
>> about 20% of the workload for the services that they deliver.
>>
>> The remaining 80% of the workload is done by high talent Web
>> Application Security Specialists that truly understand how to harden a
>> Web Application. They not only look for the common issues like Cross
>> Site Scripting (No Sacure, it's not called Cross-Site Shipping), Cross
>> Site Request Forgery, Remote File Inclusion, etc. but they also look
>> for logic issues and other types of design flaws.
>>
>> The Denim Group <http://www.denimgroup.com/service.html> does use tools
>> to help them perform their manual testing, as do most worthy security
>> providers. The tools that they use are special interception proxies
>> that enable them to view and manipulate conversations between client
>> and server, amongst other similar manually intensive tools. This
>> enables the Denim Group <http://www.denimgroup.com> to truly impact the
>> quality of their deliverables with strong manual testing.
>>
>> All in all, if you are looking for a provider to perform Web
>> Application Security type services, we think that the Denim Group
>> <http://www.denimgroup.com/service.html> is a great fit. If you are
>> looking for a full service Professional Security Services shop, well
>> you'll probably have to look somewhere else because they do not offer
>> Network Penetration Testing Services, Vulnerability Assessments, etc.
>> That being said we were so impressed with the Denim Group
>> <http://www.denimgroup.com/service.html> and the caliber of their
>> service offerings, that we decided to give them an A-. The only reason
>> why they didn't get an A or an A+ is because they are technically not a
>> full service shop. So, we recommend using the Denim Group,
>> <http://www.denimgroup.com/> they kick ass!
>>
>> If you'd like to comment on this, please visit
>> http://secreview.blogspot.com and post a comment. If you feel that this
>> post is inaccurate, please let us know why and we'll consider your
>> opinion for a review. Thanks for reading!
>>
>> --
>> Posted By secreview to Professional IT Security Providers - Exposed
>> <http://secreview.blogspot.com/2007/12/denim-group.html> at 12/14/2007
>> 12:13:00 PM
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>

Regards,
The Secreview Team
http://secreview.blogspot.com
Professional IT Security Service Providers - Exposed