Feedback req'd - Website Security / Penetration Testing

  • 13-02-2014 11:54am
    #1
    Registered Users, Registered Users 2 Posts: 576 ✭✭✭


    All,

    We've experienced a stall point in my startup venture that looks like we will be suspended for at least 6 months so I have some time on my hands and am looking towards the next venture.

    This event and the recent thread by Dean0088 with regard to his new venture has encouraged me to come back to this forum as a sounding block again. I raised this as a venture a couple of years ago but could not invest energy into getting off the ground as another venture came along.

    Background : I'm a self-employed IT Consultant - Enterprise Architecture mainly but have also been working in Online Security for the past number of years on a mainly part time basis. I have a group of very experienced consultant hackers who work for me on an engagement by engagement basis as I need to bring additional skills on board.

    We do Online and Application level Security & Vulnerability Assessments with a significant success and happiness rating from our clients.

    All of the recent high profile hacking cases have been driving business but the main gap in the market that I see is that most of the smaller operations are either unwilling or cannot afford to go to the big players in the Irish market.

    So my questions are :
    - Have you completed an impact assessment to your business with a security breach in mind ?
    - If you have an online presence, have you considered Security testing ?
    - Do you expect your Web Development team to include Security Testing as part of their deliverable ?
    - What measures have you taken to secure your online investment ?
    - Would you use a smaller operator for Testing services ?
    - Could you put a price point on a website vulnerability test (I have price points in mind and obviously this depends on site complexity but would love to see what people would consider affordable / expensive) ?

    Any / all feedback would be great.

    Thanks.


Comments

  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    You're going to find that a really tough sell, particularly at the small end of the SME market where pretty much all the security work is reactive rather than proactive.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Graham wrote: »
    You're going to find that a really tough sell, particularly at the small end of the SME market where pretty much all the security work is reactive rather than proactive.

    Thanks Graham - absolutely it would be a tough sell at the lower end of the SME market - that's what I hope some feedback on this forum will give me. There are obvious economies of scale at play here but small businesses can be generating a significant % of their income from online activities and any interruption to that revenue stream can be hugely troublesome to their business model.

    I just hope that I can match my model with some of theirs and generate a business from that.


  • Closed Accounts Posts: 2,091 ✭✭✭Peterdalkey


    Never give it a thought, we have about 10 sites, 8 of which are boring B2B brochure type sites and landing pages. They are backed up and contain nothing that is not open to public view, in any case. The 2 B2B eComm sites are hosted CMS in a very secure set up run by our provider. Even our own SEO had his benign web scanner crawler booted out!! They are all over security, so we don't bother!
    Email and network security are very important to us and we spend good dough on top anti-virus and firewalls... our network guy looks after that aspect.


  • Closed Accounts Posts: 2,091 ✭✭✭Peterdalkey


    Most of us would not even know what PEN testing is! I suggest you should change the title for more feedback!!


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    The market is already very well served

    At the low end there's a load of companies offering website scanning services

    At the higher end it's much more specialised and costly


  • Banned (with Prison Access) Posts: 388 ✭✭Atomico


    ifah wrote: »
    All,

    We've experienced a stall point in my startup venture that looks like we will be suspended for at least 6 months so I have some time on my hands and am looking towards the next venture.

    This event and the recent thread by Dean0088 with regard to his new venture has encouraged me to come back to this forum as a sounding block again. I raised this as a venture a couple of years ago but could not invest energy into getting off the ground as another venture came along.

    Background : I'm a self-employed IT Consultant - Enterprise Architecture mainly but have also been working in Online Security for the past number of years on a mainly part time basis. I have a group of very experienced consultant hackers who work for me on an engagement by engagement basis as I need to bring additional skills on board.

    We do Online and Application level Security & Vulnerability Assessments with a significant success and happiness rating from our clients.

    All of the recent high profile hacking cases have been driving business but the main gap in the market that I see is that most of the smaller operations are either unwilling or cannot afford to go to the big players in the Irish market.

    So my questions are :
    - Have you completed an impact assessment to your business with a security breach in mind ?
    - If you have an online presence, have you considered Security testing ?
    - Do you expect your Web Development team to include Security Testing as part of their deliverable ?
    - What measures have you taken to secure your online investment ?
    - Would you use a smaller operator for Testing services ?
    - Could you put a price point on a website vulnerability test (I have price points in mind and obviously this depends on site complexity but would love to see what people would consider affordable / expensive) ?

    Any / all feedback would be great.

    Thanks.

    Very much a reactive 'we'll sort it if it happens' type thing for the vast majority of your target market. Just wouldn't be on their radar, and even those who are fairly clued in would probably only be doing the minimum amount required in that area.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Most of us would not even know what PEN testing is! I suggest you should change the title for more feedback!!

    Fair point. Thanks


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    ifah wrote: »
    ... cannot afford to go to the big players in the Irish market....

    So price range is the target market?


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Blacknight wrote: »
    The market is already very well served

    At the low end there's a load of companies offering website scanning services

    At the higher end it's much more specialised and costly

    Agreed - there are lots of scanning services but that's not what I'm offering. I / we already do all of the specialised testing. I'm trying to work out a model where we can make the specialised services available to a wider market.

    Thanks for input.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    beauf wrote: »
    So price range is the target market?

    Sorry - I don't understand this comment.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Atomico wrote: »
    Very much a reactive 'we'll sort it if it happens' type thing for the vast majority of your target market. Just wouldn't be on their radar, and even those who are fairly clued in would probably only be doing the minimum amount required in that area.

    Agreed and that's been my experience with a lot of SMEs also. I'm just trying to work out whether there is scope to change this view. Kinda similar to people's attitude to SEO in fairly recent past - most adopted a build it and they will come attitude.


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    SEO equates to additional revenue for most sites though, that makes it a much much easier sell.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Graham wrote: »
    SEO equates to additional revenue for most sites though, that makes it a much much easier sell.

    True - it's definitely easier to sell a positive rather than a negative (like security testing) but the media coverage of all of the larger breaches these days makes it an easier sell.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    ifah wrote: »
    Sorry - I don't understand this comment.

    What price range of product are you offering? Under 2k I'm assuming.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    beauf wrote: »
    What price range of product are you offering? Under 2k I'm assuming.

    Yes for the majority of sites but if it's a complex site / mobile app etc it may cost more.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    Any more and you're competing with the big firms.


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    Small firms don't consider security of their online presence.
    We used to tell them about the 5.5bn hacks in 2012 worldwide. It usually got their attention but budget was normally an issue even if they had been hacked.
    Uphill battle I would think.

