-
05-25-2011, 05:15 AM #1Newbie
- Join Date
- Apr 2011
- Posts
- 7
Website Hacking/Security Auditing
Anyone know of a good person or company who can basically "hack this website" for a fee and document the methods of entry used and how/what is needed to secure the vulnerabilities?
Thanks.
-
05-25-2011, 06:17 AM #2Disabled
- Join Date
- Jan 2011
- Posts
- 875
You are on the wrong track. Please change your path.
-
05-25-2011, 06:34 AM #3Web Hosting Master
- Join Date
- Sep 2004
- Location
- Miami, FL
- Posts
- 2,762
Just in case you have no idea Jason-TGWH, hacking is wrong no matter how you look at it. Even if it's for security purposes, asking someone to hack something is totally wrong!!!
There are only a few cases where hacking would land you a job. Most of the time you will be facing a person with a Gavel and most probably you'd be in handcuffs too at that time. Asking someone to audit your security is a different thing.
Please rethink what you're doing and what you're actually considering.
Aaron Ong
Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
Servers in Central, East/West Coast USA, EUROPE and ASIA
Welltodo Century - www.welltodocentury.com
-
05-25-2011, 07:09 AM #4Newbie
- Join Date
- Apr 2011
- Posts
- 7
You're saying it's fine for some script kiddy to come along and exploit my website, yet if I was to employ a company or person to test my website for exploits and for them to document how it was done, including how to fix the exploits, then that is illegal.
Grow up, honestly. I don't know of any large company that doesn't employ such teams to probe their websites for vulnerabilities.
Now when you're done getting off your high horse, either post some relevant information or don't post at all.
Thanks.
Last edited by Jason-TGWH; 05-25-2011 at 07:13 AM.
-
05-25-2011, 07:57 AM #5Web Hosting Master
- Join Date
- Sep 2004
- Location
- Miami, FL
- Posts
- 2,762
Excuse me!!!
If you're done being rude, then let's continue. If not, then you're most welcome to go look for them yourself. Being rude in WHT will get you nowhere. By the way, you see that REPORT button up there... on the right hand corner of the post, USE IT if you think I'm posting irrelevant information.
Enjoy your day!
-
05-25-2011, 09:10 AM #6Junior Guru
- Join Date
- Nov 2010
- Posts
- 232
Keep it coming!
-
05-25-2011, 09:43 AM #7Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 593
Part of my job as a developer is to test for vulnerabilities. Hiring someone to try and break their way into developed code is a normal thing.
Jason, I use an xss cheatsheet and a few other items. You can see an example of one here: http://www.xenuser.org/xss-cheat-sheet/
You could also look into a product like this: http://www.acunetix.com/vulnerability-scanner/
It allows for an automated program to scan for potential loopholes that you may have missed. It's not perfect, but for the typical hack attempts, it works well.
-
05-25-2011, 09:58 AM #8Web Hosting Master
- Join Date
- Jan 2006
- Location
- Athens, Greece
- Posts
- 1,481
-
05-25-2011, 10:09 AM #9Newbie
- Join Date
- Apr 2011
- Posts
- 7
Yes it is. Also why I made a narky reply to the stupid comments made.
Who do you use for this task? Do you recommend using that software or hiring someone for the job? Where is the best place to look for such a person/company? Do you have anyone to recommend?
Last edited by Jason-TGWH; 05-25-2011 at 10:15 AM.
-
05-26-2011, 02:25 PM #10Web Hosting Guru
- Join Date
- May 2011
- Location
- Columbus, Ohio
- Posts
- 270
I have tried the one from acunetix before (the free version) and it worked pretty well with just what you can get free.
The company I worked at before hired a company that used this product to scan: http://www.saintcorporation.com/prod...aintStick.html
The cool part about this program: when you scan a site, you can also give it the server login credentials so it is not just scanning what it can crawl, but every file (i.e., if index.php does an include of functions.php, it will directly call functions.php to see if it can find anything with that called by itself).
-Greg
PS. One thing to consider: if you run one of these programs to test a site, MAKE sure you do not have contact forms that will send out e-mails without some type of checking, else expect a ton of blank e-mails to come in as the scanners submit the form over and over and over trying different tests! (Learned the hard way when running acunetix on a site; the client called asking about the ton of mail.)
Last edited by TwineDev; 05-26-2011 at 02:35 PM.
-
05-27-2011, 02:43 AM #11Aspiring Evangelist
- Join Date
- Dec 2005
- Posts
- 352
I think you need to calm down; the OP's request is perfectly legitimate. You should do a lookup on penetration testing. @OP, I believe there's a company that advertises such services on WHT occasionally. I can't remember the exact name of the company (but I remember there being pictures of lions on the site). If I remember the name, I'll be sure to update the thread.
-
05-28-2011, 06:58 AM #12Newbie
- Join Date
- May 2011
- Posts
- 16
Here are a few:
http://www.ivizsecurity.com/
https://www.fortify.com/products/for...and/index.html
I personally cannot afford them so I use acunetix and netsparker.
-
05-29-2011, 07:26 PM #13New Member
- Join Date
- May 2011
- Posts
- 4
insecure.org offers a very nice program for automated checking of websites.
-
06-03-2011, 05:22 AM #14Disabled
- Join Date
- May 2011
- Posts
- 4
You can go for any web security company you find in Google, select from that and go for it. It's very easy. If you develop your website with a good web application development strategy, and if you make your idea clear when you develop your website, then there is no need to secure your website from others.
Last edited by foobic; 06-03-2011 at 05:49 AM. Reason: seo link removed
-
06-03-2011, 12:27 PM #15Russ
- Join Date
- Mar 2002
- Location
- Philadelphia, PA
- Posts
- 2,517
Kevin Mitnick runs a security agency that will perform this work.
We have hired him in the past and have been very pleased; it's always exciting to watch someone of his reputation try to exploit your servers.
-
06-03-2011, 08:34 PM #16Tells All!
- Join Date
- Jul 2003
- Location
- UK
- Posts
- 1,887
Whilst a good plan, and using secure development practices from day 1 will help you to secure your web-application, it is not a guarantee. Developers are human beings, and make mistakes. The severity of this varies from a minor annoyance, to a gaping security hole.
OP: What is your budget? I know several security consultants of varying levels that I have worked with in the past, and can recommend.
It's worthwhile considering multiple levels of auditing, so having a full penetration test (a security auditor using tools & techniques to try and attack your website), in addition to a code audit (a security auditor checking your code). It's normally wise to have a network-level test performed as well, to highlight any flaws in the infrastructure.
With regard to aodat2's original posts, neither myself, nor anybody that I've worked with, has ended up with a criminal record for doing our work. Any professional consultant will require a contract showing that you give your consent to the tests. It's also the done thing to test against a non-production system first, with only the final tests being made against the live platform.
Last edited by Joseph_M; 06-03-2011 at 08:39 PM.