Security testing a site

**pilotjourney** · Jan 10, 2010 09:25

We are having a new site developed by outsourced programmers and would like to have the code reviewed for any "security" issues before going live.

What is the best way to do this?

**blackhatsolution** · Jan 11, 2010 06:12

Best way is to talk to real specialists (web security experts). DIY in the solution especially if your outsourced programmers lack ethical hacker skills.
Let me know if you are interested.

**Hosting India** · Jan 11, 2010 11:43

I guess for better results you should get it done from White Box Testers

**sk89q** · Jan 12, 2010 21:18

There are plenty of security consultants/firms that will do code audits.

I can't recommend any, but perhaps if you ask around your tech and web savvy friends. You can search for them too, but then you have to figure out whether they are good at what they do.

**techmichelle** · Jan 13, 2010 13:38

check out sans.org they have lots of really great info on this issue.

Application Security Procurement Language
http://www.sans.org/appseccontract/

The whitepapers are excellent.

If just looking for a 3rd party vendor
http://www.sans.org/security-resourc...dor_directory/

**Seo_Pro** · Jan 13, 2010 17:55

Hire a web security expert or try attacks using software such as acunetix.

User Tag List

Thread: Security testing a site

Thread Tools

Display

Security testing a site

Bookmarks

Bookmarks

Posting Permissions