-
02-14-2005, 03:24 PM #1 Junior Guru Wannabe
- Join Date: Jul 2004
- Posts: 73
Basic XSS Testing - No vulnerability, No charge
I have posted about this service before, but I return with a less vague pricing system.
From my previous post:
My name is Andrew Smith and I am considering offering a Basic Web Based Penetration Testing service to Web Hosts.
I plan to offer checks for Cross-Site Scripting (Definition) Vulnerabilities and basic SQL Injection (Definition).
This is not about securing your server; it is about making sure that the website is secure and that user-inputted data cannot be exploited for someone else's gain.
I believe it is important for Web hosts especially to have secure websites, as an insecure website could have some serious implications. Including but not limited to:
Phishing Scams (XSS)
Cookie Theft (XSS)
Database Theft/Alteration (SQL Injection)
Up until recently an XSS vulnerability in a web host's site has not been particularly important (unless that host has some kind of login system based there, but even then it meant little), but with a huge increase in targeted Phishing scams web hosts could easily become victims of Phishers. If an XSS vulnerability existed in your website a Phisher could spam a carefully constructed URL to users of your website and trick them into thinking that you were requesting their username and password (this could be fairly convincing, with your URL in the "address bar").
I am offering one service: I will manually check your website for the common vulnerabilities mentioned above, inform you if and when I find such vulnerabilities and advise you as to how to fix them.
I have found many XSS vulnerabilities in the past (some notable websites: CNN.com, BankofAmerica.com, BankOne.com, TrustE.org and the "Plesk 7" software); you can find evidence of some of my work here: examples of my work
Please Note: The above work was not paid for; it was done voluntarily as a learning experience. Everyone listed on the website was informed of such vulnerabilities. If I were to discover vulnerabilities in your website they would not be listed there.
The Service
The price for a test of your Website is: $30
If I am unsuccessful in finding vulnerabilities then your payment will be refunded.
I accept payments through PayPal only; refunds will be (unfortunately) subject to PayPal's 5% charge.
Customers will be dealt with under the strictest confidence.
All vulnerabilities discovered will be e-mailed to you accompanied with recommendations on how to fix them.
If you have any questions please reply here or you can contact me at: andrew.rse@gmail.com
Thanks,
Andrew Smith
-
02-14-2005, 10:11 PM #2 Disabled
- Join Date: Dec 2002
- Location: chica go go
- Posts: 11,876
If we hire you and you find a vulnerability, will you first tell us what the vulnerability is, or do you require payment for you to let us know about the vulnerability?
I'm interested in this service. Do you have AIM, MSN, or Yahoo?
-
02-15-2005, 06:34 AM #3 Junior Guru Wannabe
- Join Date: Jul 2004
- Posts: 73
I would prefer payment before informing you of the vulnerability.
I do have AIM, username "rse 5368"
Thanks,
Andrew Smith