  1. #1

    Website Hacking/Security Auditing

    Anyone know of a good person or company who can basically "hack this website" for a fee and document the methods of entry used and how/what is needed to secure the vulnerabilities?

    Thanks.

  2. #2
    You are on the wrong track. Please change your path.

  3. #3
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    Just in case you have no idea Jason-TGWH, hacking is wrong no matter how you look at it. Even if it's for security purposes, asking someone to hack something is totally wrong!!!

    There are only a few cases where hacking would land you a job. Most of the time you will be facing a person with a Gavel and most probably you'd be in handcuffs too at that time. Asking someone to audit your security is a different thing.

    Please rethink what you're doing and what you're actually considering.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century
    - www.welltodocentury.com

  4. #4
    You're saying it's fine for some script kiddy to come along and exploit my website, yet if I was to employ a company or person to test my website for exploits and for them to document how it was done, including how to fix the exploits, then that is illegal.
    Grow up, honestly. I don't know of any large company that doesn't employ such teams to probe their websites for vulnerabilities.

    Now when you're done getting off your high horse, either post some relevant information or don't post at all.

    Thanks.
    Last edited by Jason-TGWH; 05-25-2011 at 07:13 AM.

  5. #5
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    Excuse me!!!

    If you're done being rude, then let's continue. If not, then you're most welcome to go look for them yourself. Being rude in WHT will get you nowhere. By the way, you see that REPORT button up there... on the right hand corner of the post, USE IT if you think I'm posting irrelevant information.

    Enjoy your day!

  6. #6
    Join Date
    Nov 2010
    Posts
    232


    Keep it coming!

  7. #7
    Join Date
    Jan 2004
    Posts
    593
    Part of my job as a developer is to test for vulnerabilities. Hiring someone to try and break their way into developed code is a normal thing.

    Jason, I use an XSS cheat sheet and a few other items. You can see an example of one here: http://www.xenuser.org/xss-cheat-sheet/

    You could also look into a product like this: http://www.acunetix.com/vulnerability-scanner/

    It allows for an automated program to scan for potential loopholes that you may have missed. It's not perfect, but for the typical hack attempts, it works well.

  8. #8
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,481
    Originally posted by aodat2:
    Asking someone to audit your security is a different thing.
    That is what he is asking I believe.

  9. #9
    Originally posted by Steve_Arm:
    That is what he is asking I believe.
    Yes it is. Also why I made a narky reply to the stupid comments made.


    Originally posted by speckl:
    Hiring someone to try and break their way into developed code is a normal thing.
    Who do you use for this task? Do you recommend using that software or hiring someone for the job? Where is the best place to look for such a person/company? Do you have anyone to recommend?
    Last edited by Jason-TGWH; 05-25-2011 at 10:15 AM.

  10. #10
    Join Date
    May 2011
    Location
    Columbus, Ohio
    Posts
    270
    I have tried the one from acunetix before (the free version) and it worked pretty well with just what you can get free.

    The company I worked at before hired a company that used this product to scan: http://www.saintcorporation.com/prod...aintStick.html

    The cool part about this program: when you scan a site, you can also give it the server login credentials so it is not just scanning what it can crawl, but every file (i.e., if index.php does an include of functions.php, it will directly call functions.php to see if it can find anything with that called by itself).

    -Greg

    PS. One thing to consider. If you run one of these programs to test a site, MAKE sure you do not have contact forms that will send out e-mails without some type of checking, else expect a ton of blank e-mails to come in as the scanners submit the form over and over and over trying different tests! (Learned the hard way when running acunetix on a site; the client called asking about the ton of mail.)
    Last edited by TwineDev; 05-26-2011 at 02:35 PM.
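
An added example, not part of the original posts or of any product named in the thread: the "some type of checking" that post #10 recommends before a scanner is pointed at a contact form, sketched in Python. The class name, limits, field names and sample submissions are assumptions constructed for illustration.

```python
import re
import time
from collections import defaultdict, deque

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

class ContactFormGuard:
    """Decides whether a contact-form submission may trigger an e-mail."""

    def __init__(self, max_per_window=3, window_seconds=600, scan_mode=False):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.scan_mode = scan_mode        # set True while a scan is running
        self.recent = defaultdict(deque)  # client IP -> times of accepted mails
        self.suppressed = []              # held-back submissions, kept for review

    def check(self, client_ip, form, now=None):
        """Return 'send', or the reason the e-mail is withheld."""
        now = time.time() if now is None else now
        fields = [form.get(k, "").strip() for k in ("name", "email", "message")]
        if not all(fields):
            return self._hold(form, "blank-field")
        if not EMAIL_RE.fullmatch(fields[1]):
            return self._hold(form, "bad-address")
        window = self.recent[client_ip]
        while window and now - window[0] >= self.window_seconds:
            window.popleft()              # forget mails older than the window
        if len(window) >= self.max_per_window:
            return self._hold(form, "rate-limited")
        if self.scan_mode:                # valid, but a scan is in progress
            return self._hold(form, "scan-mode")
        window.append(now)
        return "send"

    def _hold(self, form, reason):
        self.suppressed.append((reason, dict(form)))
        return reason

def replay(guard, submissions):
    """Run (ip, form, timestamp) tuples through the guard and count outcomes."""
    counts = defaultdict(int)
    for ip, form, ts in submissions:
        counts[guard.check(ip, form, now=ts)] += 1
    return dict(counts)

# Constructed sample: one scanner hammering the form, plus one real visitor.
GOOD = {"name": "Ann", "email": "ann@example.com", "message": "Quote please"}
SCANNER = [("203.0.113.5", {"name": "", "email": "", "message": ""}, t) for t in range(20)]
SCANNER += [("203.0.113.5", dict(GOOD, message=f"probe {t}"), 20 + t) for t in range(20)]
VISITOR = [("198.51.100.7", GOOD, 30)]
```

With the defaults, the 40 scanner submissions produce three e-mails instead of 40; with `scan_mode=True`, none are sent and every submission is kept in `suppressed` for later review.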

  11. #11
    Join Date
    Dec 2005
    Posts
    352
    Originally posted by aodat2:
    Just in case you have no idea Jason-TGWH, hacking is wrong no matter how you look at it. Even if it's for security purposes, asking someone to hack something is totally wrong!!!

    There are only a few cases where hacking would land you a job. Most of the time you will be facing a person with a Gavel and most probably you'd be in handcuffs too at that time. Asking someone to audit your security is a different thing.

    Please rethink what you're doing and what you're actually considering.
    I think you need to calm down; the OP's request is perfectly legitimate. You should do a lookup on penetration testing. @OP, I believe there's a company that advertises such services on WHT occasionally. I can't remember the exact name of the company (but I remember there being pictures of lions on the site). If I remember the name, I'll be sure to update the thread.

  12. #12
    Here are a few:
    http://www.ivizsecurity.com/

    https://www.fortify.com/products/for...and/index.html

    I personally cannot afford them so I use acunetix and netsparker.

  13. #13
    insecure.org offers a very nice program for automated checking of websites.

  14. #14
    You can go for any web security company you find on Google and select from that; it's very easy. If you develop your website with a good web application development strategy and make your idea clear when you develop your website, then there is no need to secure your website from others.
    Last edited by foobic; 06-03-2011 at 05:49 AM. Reason: seo link removed

  15. #15
    Join Date
    Mar 2002
    Location
    Philadelphia, PA
    Posts
    2,517
    Kevin Mitnick runs a security agency that will perform this work.

    We have hired him in the past and have been very pleased; it's always exciting to watch someone of his reputation try to exploit your servers.

  16. #16
    Join Date
    Jul 2003
    Location
    UK
    Posts
    1,887
    Originally posted by adriankawa:
    You can go for any web security company you find on Google and select from that; it's very easy. If you develop your website with a good web application development strategy and make your idea clear when you develop your website, then there is no need to secure your website from others.
    Whilst a good plan, and using secure development practices from day 1 will help you to secure your web-application, it is not a guarantee. Developers are human beings, and make mistakes. The severity of this varies from a minor annoyance, to a gaping security hole.

    OP: What is your budget? I know several security consultants of varying levels that I have worked with in the past, and can recommend.

    It's worthwhile considering multiple levels of auditing, so having a full penetration test (a security auditor using tools & techniques to try and attack your website), in addition to a code audit (a security auditor checking your code). It's normally wise to have a network-level test performed as well, to highlight any flaws in the infrastructure.

    With regard to aodat2's original posts: neither myself, nor anybody that I've worked with, has ended up with a criminal record for doing our work. Any professional consultant will require a contract showing that you give your consent to the tests. It's also the done thing to test against a non-production system first, with only the final tests being made against the live platform.
    Last edited by Joseph_M; 06-03-2011 at 08:39 PM.
