I do mean the goat book. I’ll keep my eyes out for 3e :)

> On 4 Jul 2023, at 18:12, Harry Percival <[email protected]> wrote:
>
> aw thanks for the compliment. 3E on the way (if you mean the goat book?)
>
> On Tue, 4 Jul 2023 at 17:17, William Mayor <[email protected]> wrote:
>> Thanks Harry, that’s a really good idea! I’ll add that to my list :)
>>
>> (P.S. Love your book BTW I give it to all of my juniors :) )
>>
>>> On 3 Jul 2023, at 18:48, Harry Percival <[email protected]> wrote:
>>>
>>> Have you considered bug bounty programmes? I think we used HackerOne back
>>> in the day and got a few actionable fixes out of it, without ever spending
>>> too much money.
>>>
>>> Iirc we'd pay out like $50 for little things that were arguably not real
>>> vulns but just missing best practices (rate limiting password reset
>>> requests was an example iirc? Bit worried someone will jump on me saying
>>> how insanely important that is lol) - the kinds of things you can find with
>>> an automated tool and minimal actual effort from the pentester -- and 10x
>>> that (or more? Can't remember. In any case I'm guessing H1 have suggested
>>> payouts) for "real" bugs with PoC.
>>>
>>> You did have to deal with a bit of spam but overall it was worth it.
>>>
>>> Hp
>>>
>>> On Mon, 3 Jul 2023, 14:22 SW <[email protected]> wrote:
>>>> I can also add https://istormsolutions.co.uk/ - I have a friend who
>>>> works there, though I've not used their services myself.
>>>>
>>>> Thanks,
>>>> S
>>>>
>>>> On 03/07/2023 15:03, Gautier Hayoun wrote:
>>>> > Hi William,
>>>> >
>>>> > I have dealt with Callum at Sencode (https://sencode.co.uk/) recently.
>>>> > They are a small company based in the UK, and I was perfectly
>>>> > satisfied with their pen test of a Django web application.
>>>> >
>>>> > Best,
>>>> >
>>>> > Gautier
>>>> >
>>>> > On 03/07/2023 13:55, William Mayor wrote:
>>>> >> Hi!
>>>> >>
>>>> >> This isn’t exactly on topic, but I’m running out of leads on this
>>>> >> one. Any help is appreciated :)
>>>> >>
>>>> >> I’m looking for a penetration/security testing company that can help
>>>> >> me with a product that we’re building. It’s an API (written using
>>>> >> FastAPI, so there is a python link in here :) ), with web and native
>>>> >> app front ends.
>>>> >>
>>>> >> I’d like to have some kind of certified test conducted, to find all
>>>> >> the security edge cases that I’ve undoubtably missed.
>>>> >>
>>>> >> We’re a small company (a social enterprise), so our budget isn’t great.
>>>> >>
>>>> >> So my question is, does anyone have any recommendations for a pen
>>>> >> testing company that could help?
>>>> >>
>>>> >> Thank you!
>>>> >>
>>>> >> _______________________________________________
>>>> >> python-uk mailing list
>>>> >> [email protected]
>>>> >> https://mail.python.org/mailman/listinfo/python-uk
