Penetration Testing

[riya_here]

Thanks a lot guys....
I am glad that i put the question here.
I got my answer!!
Regards.

[R0n1n]

some companies that have not been mentioned:

NGS (UK)
ISS
Symantec
Big 4 - PWC, KPMG, D&T, E&Y

Also, most large financial institutions will have a group that at least dabble in pen testing


I suggest you start by reading TCP/IP illustrated volume 1. The SANS stuff is ok, but seems a little basic at times, there also millions of books with the word "hacking" in their title which may be of use at some point.

Also, keep in mind that some companies will use the term penetration testing when all they really do is run a vulnerability scan, so depending on your skill level you may want to enquire as to what you prospective employee actually considers a pen test to be.

[bat21]

Well to start with we can try our hands on virtual machines,Nowdays I am trying a few tricks on my VMWare (win 2003).Just create a imagenary domain along with IIS,DNS and FTP setup to get a feeling and from host OS we can fire our diff tools for doing penetration testing.

One more thing....any one experimenting with same setup kindly PM me

cheers
bat21

[ric-o]

Originally posted here by riya_here
Do any of you have any idea of the companies who actively deal in Penetration Testing?

Hi Riya:

I have used Foundstone for a pen-test against a web application and was quite pleased with their work. They provided a very thorough report showing not just vulns but also the tools they used, the methodology, and also the data from the tools. Downside is they are expensive: $15K a pop.

The quality of the pen-test is dependent on 2 things: the methodology used and more importantly the skill level of the pen-tester. A well laid out scope and rules of engagement are also important.

Good luck.

[riya_here]

I didnt knew there were so many tools available

Even I came to know about one, Nessus (www.nessus.com)