Viewing posts from December, 2015
A small team, that includes Gray Tier researchers, received recognition on Dec 8 in the form of CVEs for their work on the Up.Time Agent software.
When selecting a penetration testing company there are many factors to consider, not the least of which is the integrity and technical skill of their team. The first, and most critical, step is to decided whether or not you trust the team you’re considering. Make no mistake about it; you are inviting a third-party to attempt to compromise your most critical IT assets. If you do not have the utmost trust in the team you're about to hire - stop immediately and consider alternatives. With the global increase in corporate data breaches there is also a rise in penetration testing companies. So how do you know if you can trust the team you’re hiring? If the company has been around for a while it should be as easy as asking for references. However, if they’re a relatively new company, like Gray Tier, then it’s a bit harder. Regardless, you should still ask about previous clients. You should also ask about their methodology? How they approach their testing? What are their rules of engagement (ROE)? What is the background of the individual team members? How do they minimize risk to your assets during an engagement? These are just a few of the questions we expect our clients to ask, and likewise we should be able to provide answers to your satisfaction.