ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. security audit
    Log in to post
    • All categories
    • Ambarishrh

      Anyone used Infection Monkey?
      IT Discussion • infectionmonkey open source breach and attack simulation security security audit • • Ambarishrh

      6
      4
      Votes
      6
      Posts
      212
      Views

      Ambarishrh

      @scottalanmiller said in Anyone used Infection Monkey?:

      @ambarishrh I meant that YOU should make one.

      I'm too subtle, I guess.

      lol! Yes, will make one for sure! Just need to test it on a lab and see how it goes. Its an interesting project 🙂

    • H

      Any recs for a company that does risk assessment (with HIPAA focus)?
      IT Discussion • compliance security audit • • hypernova

      3
      1
      Votes
      3
      Posts
      538
      Views

      IRJ

      https://www.ciphertechs.com/solutions/governance-risk-compliance/

    • wrx7m

      Website Security Auditor Recommendations Wanted
      IT Discussion • wordpress hacked website security security audit aws audit • • wrx7m

      5
      2
      Votes
      5
      Posts
      252
      Views

      dbeato

      YOu can also do a free test from Qualys
      https://www.qualys.com/free-services/
      https://www.qualys.com/community-edition/

    • StuartJordan

      365 have I been pwned script
      IT Discussion • office 365 security audit • • StuartJordan

      17
      0
      Votes
      17
      Posts
      1127
      Views

      jmoore

      @travisdh1 You are sure right there

    • Ambarishrh

      An interesting post about a security auditor's requirements!
      Water Closet • security audit • • Ambarishrh

      5
      1
      Votes
      5
      Posts
      600
      Views

      scottalanmiller

      @JaredBusch said in An interesting post about a security auditor's requirements!:

      @scottalanmiller said in An interesting post about a security auditor's requirements!:

      That's not a real auditor, that's a hacker posing as an auditor. If that auditor didn't have a signed, bonded affidavit from the CEO saying that he could social engineer the IT department to test their resolve then they should immediately have called the FBI, assuming that this is the US. That the person claims to be an auditor doesn't make him one, that he keeps badgering the IT guy makes what might be a mistake into clear social engineering. Charges should have been filed against them. Had they done that to a public company, charges would like have been brought under any number of federal statutes including SEC regulations.

      from the linked article:

      My "legal guy" has suggested revealing the company would probably cause more problems than needed. I can say though, this is not a major provider, they have less 100 clients using this service. We originally started using them when the site was tiny and running on a little VPS, and we didn't want to go through all the effort of getting PCI (We used to redirect to their frontend, like PayPal Standard). But when we moved to directly processing cards (including getting PCI, and common sense), the devs decided to keep using the same company just a different API. The company is based in the Birmingham, UK area so I'd highly doubt anyone here will be affected.

      Yeah, legal seemed to agree.