Security services: Penetration testing and full security audits

We're currently prototyping a product that depends heavily on user trust. We're working with some security consultants to ensure that our users' data is secure. We'd also like to hire a good one to act as our chief security officer. However, we're far from that point at the moment.

I have a fairly good background in running secure, protected services. But, I'm not going to kid myself, I'm no expert.

I guess what I'm looking for is a 3rd-party SaaS-type service that allows me to ask for a full penetration test of our systems. It could be black box or white box. Either way, I want to go live with some 3rd-party validation that we're not going to be embarrassed on release.

We're also interested in on-going, random 3rd-party security audits.

Anyway, I looked around for such a service, and I didn't see anything. Anyone have any ideas?

Thanks,

Aaron

12 Replies

Chayim Kirshen
1
0
Chayim Kirshen Entrepreneur
DevOps Focused Software Professional
Aaron,

A great way to start is with Rapid7's Nexpose Community Edition and Metasploit Community Edition. Both are free for a number of nodes. Unfortunately you have to host things yourself - but at least this can get you started. You can also approach (several) firms to do ongoing pens, or one-time pen tests; I've worked with several in the past.

--c
Gergely Imreh
0
0
Gergely Imreh Entrepreneur
Physicist at Large
I've a friend working for Offensive Security: http://www.offensive-security.com/
They are doing training and testing as well, as far as I know.

Cheers,
Greg
Michael Rossi
0
0
Michael Rossi Entrepreneur
Senior Analyst at TSC Advantage
Another is www.hackertarget.com if you'd like to run tests yourself.
Lawrence I Lerner
0
1
Lawrence I Lerner Entrepreneur • Advisor
Digitalization and Transformation Coach
Aaron, please feel free to ping me offlist. I know of companies that run this as a service. [removed to protect privacy]

Cheers
Lawrence I Lerner
Direct: +[removed to protect privacy]
Blog: RevolutionaryInnovator
Twitter: @RevInnovator
Will Koffel
0
0
Will Koffel Entrepreneur • Advisor
Co-Founder at Outlearn
For a start, you might check out https://www.tinfoilsecurity.com/. Not going to be a full enterprise audit, but they can work with you to understand your needs.
Alvis Matlija
0
0
Alvis Matlija Entrepreneur
Product Strategy and Planning at BlackBerry
Try bugcrowd.com. They seem to offer something similar to what you are looking for.
Todd Ellermann
0
0
Todd Ellermann Entrepreneur
Experienced I.T. Leader, CTO, and Creative Entrepreneur
We used Hacker Safe a few years back, now McAfee Secure. But after the acquisition, I hear that things changed some. At the end of the day, they were successful at helping us identify a truckload of issues. The hosting company I was working for was acquired.

http://www.trust-guard.com/Hacker-Safe-s/42.htm

I would seriously consider trust-guard, but all this proactive hacking wasn't cheap.
-T
Jason Wang
0
0
Jason Wang Entrepreneur
Founder & CEO at TrueVault. A HIPAA Compliant Secure API to Store Health Data.
If you are looking for manual pen-testing, I highly recommend Matasano. Their founder Thomas is a frequent commenter on Hacker News (the number 1 in karma points, actually) and is highly respected by the community.
Shannon Code
0
0
Shannon Code Entrepreneur
Chief Architect
I do web and network assessments along with mobile and embedded device assessments. Long time contracts allow for retesting periodically and when new exploits come out. And a reevaluation after delivery and implementation of initial discoveries.
Michael Hanson
0
0
Michael Hanson Entrepreneur
Entrepreneur in Residence at Greylock Partners
I have no personal experience with their product, but White Hat Security (http://whitehatsec.com) offers web application fuzzing and pen testing on a SaaS platform.

They do a good job with automated screens for XSS, command injection, buffer overflow, that sort of thing. I don't recall whether they have consultants to perform the more insight-driven sort of screen you'd need as well; you may be better off hiring directly for that.