Software testing
DeusModus, 2011-01-27 00:00:44

Testing for potential / real site vulnerabilities

The question arose: are there people in Runet who earn their bread with this, how much does it cost, and how is it generally viewed?
Let's say I find a person with whom we draw up a price list (xss, sql inj, shell, access to source codes), and he digs, and I pay for what he digs up.
I am interested in black-box testing, where the "intruder" digs wherever possible, having only basic knowledge.

PS: The question is about projects that belong to me, and not to competitors / enemies / Google.

4 answer(s)
try4tune, 2011-01-27
@try4tune

What is the website written in? What DB is used?

Evgeny_Shiryaev, 2011-01-27
@Evgeny_Shiryaev

Try asking @devteev about it (he is also on Habr). A friend works at Positive Technologies and is engaged in information security.

Pavel Chipak, 2011-01-27
@reket

There are some on antichat.ru

olegsharapov91, 2019-01-16
@olegsharapov91

There is white hat, there is black hat. There is an audit from branded companies like Positive or Group-IB. All of this, of course, costs a lot, and depends on the amount of work and the goals.
If you have one simple self-written site, then it is relatively simple. And if it is a whole CMS or a large infrastructure, then both complexity and time will increase. And it's not very clear what you want to get: a piece of paper saying that everything is fine with you, or torturing a hacker to victory so that he finds a vulnerability in the places you have doubts about :)
In any case, look towards security scanners like acunetix.com or metascan.ru; they do the same thing, digging with only basic knowledge, but automatically. It's both faster and cheaper.
