lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 17 Dec 2007 12:46:59 -0800 (PST)
From: secreview <secreview@...hmail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Professional IT Security Providers - Exposed]
 Audit Serve, Inc. ( F- )

We found Audit Serve, Inc., run by Mitchell H. Levine, by searching
for "Penetration Testing" on Google. Audit Serve, Inc. offers, IS
Auditing, Integrated Auditing, Sarbanes-Oxley Implementation Services,
Sarbanes-Oxley Ongoing Compliance Services, PCI, Security andInternet
Vulnerability Assessment & Penetration Testing Services.Our first
impression of Audit Serve, Inc. was that they were a "rubber stamp of
approval" shop that offers services that will do nothing to truly raise
your proverbial security bar but will let you fill in your security
checklist. This impression was made so quickly because of the $495.00
price quote on their main page. It reads "Internet Vulnerability
Assessment & Penetration Testing starting at $495". (Just as an FYI, it
is impossible to perform any human driven professional security
services for that price. The cost of talent is simply too high.)When
digging into their services we quickly realize that our initial
impression of Audit Serve was accurate. They are in fact a "rubber
stamp of approval" shop. Their security service deliverables appear to
be the product of automated scanners (QualysGuard) and not the product
of human talent. This also coincides with them being able to
offer "Internet Vulnerability Assessment & Penetration Testing"
services starting at $495, as no human element is incorporated into the
deliverable based on what we saw.If you do not care about the security
of your IT Infrastructure, and only want to get the "rubber stamp of
approval" then Audit Serve, Inc. is your one stop shop. If on the other
hand you do care about the security of your IT infrastructure, then
we'd suggest finding a different provider.Grade Note:We're giving Audit
Serve an F- for two reasons. The first reason is that they appear to be
in the Information Security business to make a buck by providing people
with the "rubber stamp of approval". In doing so they are actually
doing a disservice to the IT community, and the IT Security Community.
The second reason why we are giving them an F- is because their
security services appear to use no human element and rely strictly on
automated scanning (QualysGuard). If you feel that this grade is too
harsh, let us know.

--
Posted By secreview to Professional IT Security Providers - Exposed at
12/17/2007 10:28:00 AM
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ