Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )
On Dec 14, 2007 4:55 PM, SecReview [EMAIL PROTECTED] wrote:
> Peter,
> Simple, they are a good company and they got a good review. We're not in the business of bashing anyone, just in the business of being honest. We'll leave the bashing up to the wannabe infosec teenagers. ;)

Except that you're akin to food critics that review restaurants by only reading the menu. So you're not really in the business of providing any actual insight, either.

PaulM

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )
The Denim Group located at http://www.denimgroup.com is a Security Services Provider that focuses strictly on Web Application Security Services. We asked them why they chose the name Denim Group and they said that it was a marketing idea that enables them to stand out from the rest of the providers. (the name was actually thought up by a founder's ex-wife) As it turns out, it was a good idea and it works! When we think Denim Group the first thing that comes to mind is Clothing and what the hell does that have to do with Application Security? Can't forget the name and the total lack of correlation.

Aside from the name, we are actually pleased with what we found when we reviewed the Denim Group. When we spoke with John Dickson we learned a lot about their methodology. We learned that the Denim Group does use automated tools such as WebInspect to perform preliminary scans against target applications. They also use tools like Fortify to perform source code reviews. That being said, automation only covers about 20% of the workload for the services that they deliver.

The remaining 80% of the workload is done by high talent Web Application Security Specialists that truly understand how to harden a Web Application. They not only look for the common issues like Cross Site Scripting (No Sacure, it's not called Cross-Site Shipping), Cross Site Request Forgery, Remote File Inclusion, etc. but they also look for logic issues and other types of design flaws. The Denim Group does use tools to help them perform their manual testing, as do most worthy security providers. The tools that they use are special interception proxies that enable them to view and manipulate conversations between client and server, amongst other similar manually intensive tools. This enables the Denim Group to truly impact the quality of their deliverables with strong manual testing.

All in all, if you are looking for a provider to perform Web Application Security type services, we think that the Denim Group is a great fit. If you are looking for a full service Professional Security Services shop, well you'll probably have to look somewhere else because they do not offer Network Penetration Testing Services, Vulnerability Assessments, etc. That being said we were so impressed with the Denim Group and the caliber of their service offerings, that we decided to give them an A-. The only reason why they didn't get an A or an A+ is because they are technically not a full service shop. So, we recommend using the Denim Group, they kick ass!

If you'd like to comment on this, please visit http://secreview.blogspot.com and post a comment. If you feel that this post is inaccurate, please let us know why and we'll consider your opinion for a review. Thanks for reading!

-- Posted By secreview to Professional IT Security Providers - Exposed at 12/14/2007 12:13:00 PM
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )
woots with da pimping post ?
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )
Peter,

Simple, they are a good company and they got a good review. We're not in the business of bashing anyone, just in the business of being honest. We'll leave the bashing up to the wannabe infosec teenagers. ;)

On Fri, 14 Dec 2007 16:48:59 -0500 Peter Dawson [EMAIL PROTECTED] wrote:
> woots with da pimping post ?

Regards,
The Secreview Team
http://secreview.blogspot.com
Professional IT Security Service Providers - Exposed