I have been asked to start considering developing a web-based customer frontend for our application.
That doesn't faze me.
What does is that the application database has over 1.5m customer records and I *really* don't want to be in the chair if some bugger manages to hack into the system.
I want to put together a prototype and get someone to do some black box / white box testing to see how robust the architecture is.
So, to the question(s)
a) how do you handle customer security ?
username / password ?
https
certificates ?
otp ?
b) do you know of a reputable organisation that handles this sort of test ? I quite obviously don't want to hire someone I found on the net, who says "yeah, it's all ok", only to hack into the systems later because he knows all the weaknesses
c) what sort of software do you use ?
http server
O/S
firewalls
etc
many thanks !
*bump*
No-one ? Or is it all secret sauce stuff ?
In the past we have used:
NCC GROUP SECURE TEST Penetration and Security Testing
NCC Group plc Manchester Technology Centre, Oxford Road, Manchester, M1 7EF
I will be out of the office until Monday 5th November with no email access. If you need to contact someone within the office then please phone reception on 01904 727150, otherwise I will reply to your email as soon as I am able.
Thanks, Andrew.