Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Ulecese
Ihatalo Research and Development Ihatalo Cartel
|
Posted - 2009.08.02 14:36:00 -
[1]
Prior to launching Ihatalo Cartel Financial Services I'm looking to get a penetration test done to assess the security of the website and it's databases.
I'm willing to pay an ISK fee in the 'multiple billions' with a view to offering a rolling contract to perform tests at future intervals (mainly when new features are added to the site) for the right candidate.
The exact details of what I want testing will be discussed with applicants who post here with their interest and credentials but essentially you will be doing this test using the 'Black Box' method.
For the interest of current IHAFS clients - this will not effect your account balances due to the remote backup database (worse case scenario we can pull the api information). That said any client wishing to pull their deposits until this test is completed are invited to do so.
------------------------------------ CEO, Ihatalo Research and Development Ihatalo Cartel
Banking and 3rd Party Transaction Service : http://ihafs-eve.co.uk/ |
Solisk
Gallente HyperFang Aquisitions And Logistics
|
Posted - 2009.08.02 16:41:00 -
[2]
While it's been a long time since I've done this sort of thing at all (5-7 years or so) and I don't want to do this regularly or as your primary security tester, I might be able to find some time over the next few weeks to do some secondary testing in the form of PHP/SQL injection to see if you have any simple vulnerabilities that you may have overlooked.
|
Agent Known
Apotheosis of Virtue
|
Posted - 2009.08.02 17:44:00 -
[3]
Originally by: Solisk While it's been a long time since I've done this sort of thing at all (5-7 years or so) and I don't want to do this regularly or as your primary security tester, I might be able to find some time over the next few weeks to do some secondary testing in the form of PHP/SQL injection to see if you have any simple vulnerabilities that you may have overlooked.
SQL injections are so 1990s.
But in all seriousness, taking proper security measures, running a proper firewall (iptables for Linux obviously), and using good coding practices makes it difficult to hack (without knowing the passwords!).
|
Ulecese
Ihatalo Research and Development Ihatalo Cartel
|
Posted - 2009.08.03 21:45:00 -
[4]
Originally by: Solisk While it's been a long time since I've done this sort of thing at all (5-7 years or so) and I don't want to do this regularly or as your primary security tester, I might be able to find some time over the next few weeks to do some secondary testing in the form of PHP/SQL injection to see if you have any simple vulnerabilities that you may have overlooked.
Thanks for the offer but you must understand I would prefer dealing with one person who has the time to commit to this, rather than multiple people (obviously I cannot stop you or anyone else doing it anyway). Still looking for someone. ------------------------------------ CEO, Ihatalo Research and Development Ihatalo Cartel
Banking and 3rd Party Transaction Service : http://ihafs-eve.co.uk/ |
Vaerah Vahrokha
Minmatar Dark-Rising
|
Posted - 2009.08.03 22:02:00 -
[5]
Edited by: Vaerah Vahrokha on 03/08/2009 22:02:20
Originally by: Ulecese
Originally by: Solisk While it's been a long time since I've done this sort of thing at all (5-7 years or so) and I don't want to do this regularly or as your primary security tester, I might be able to find some time over the next few weeks to do some secondary testing in the form of PHP/SQL injection to see if you have any simple vulnerabilities that you may have overlooked.
Thanks for the offer but you must understand I would prefer dealing with one person who has the time to commit to this, rather than multiple people (obviously I cannot stop you or anyone else doing it anyway). Still looking for someone.
Actually, having one tester is limitative, as he'll perform attacks with his mind set pattern, while a number of random testers would attack in unrelated, unorganized, unpredictable ways. Basically the classic "monkeys that given enough time could write Shakespeare" - Auditing and consulting
Before asking for investors, please read http://tinyurl.com/n5ys4h and http://tinyurl.com/lrg4oz
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |