Bitcoin Forum

Bitcoin => Project Development => Topic started by: a nice guy on April 06, 2012, 02:41:11 PM



Title: Service: security audits
Post by: a nice guy on April 06, 2012, 02:41:11 PM
Hello,
 
I would like to announce that I now offer my knowledge as part of an audit service.
 
Some things about me:
I love security and I love to exploit it.
I've been a web developer for many, many years and have always been interested in security.
In the past weeks I've reported numerous vulnerabilities to various Bitcoin-related websites.
 
If you want me to audit your site, please contact me at:
http://img4me.com/Wez3.png
 
Every vulnerability that I find will not be disclosed to anyone but you.
 
kind regards,
a nice guy


Title: Re: Service: security audits
Post by: Blind on April 06, 2012, 07:44:30 PM
Out of curiosity, how much do you charge for pen testing?


Title: Re: Service: security audits
Post by: a nice guy on April 06, 2012, 08:47:53 PM
Hey Blind,

It depends on the size of the site.
I had in mind getting something upfront and a "bounty" for every vulnerability.

kind regards,
a nice guy


Title: Re: Service: security audits
Post by: bccasino on April 15, 2012, 09:27:46 PM
Hi

Just a quick note to let you know that we used OP's expertise and are very happy about the result of the audit and the possible vulnerabilities that were brought to light and fixed by OP.

I can only recommend this service to anyone who cares about their customers' privacy.

Thanks


Title: Re: Service: security audits
Post by: Xenland on April 16, 2012, 01:11:40 AM
I've noticed that no security scanner will detect AJAX vulnerabilities. Are AJAX vulnerabilities a part of your services?


Title: Re: Service: security audits
Post by: a nice guy on April 16, 2012, 05:17:55 PM
Hello Xenland,

I will search for AJAX vulnerabilities too.

kind regards,
a nice guy


Title: Re: Service: security audits
Post by: Xenland on April 17, 2012, 04:43:46 AM
Hello Xenland,

I will search for AJAX vulnerabilities too.

kind regards,
a nice guy

Excellent, excellent, I'll be contacting you before the end of the month in that case.
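Xenland's point above is a real one: link-following scanners build their worklist from `<a href>` and `<form>` targets, so endpoints that are only ever called from JavaScript (jQuery `$.ajax`/`$.get`, `XMLHttpRequest.open`, `fetch`) never get tested at all. The script below is an added example, not code from this thread or from the service advertised in it; it pulls those endpoints and their parameter names out of page source so they can be exercised by hand. The sample page and its `/api/...` paths are constructed for the demo.

```python
"""Pull AJAX endpoints out of page source for manual testing.

Added example, not code from the thread. The sample page and its /api/...
paths are constructed for the demo.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample page: one crawlable link, four endpoints reachable only
# through script. A link-following scanner sees /about and nothing else.
SAMPLE_PAGE = """
<html><body>
<a href="/about">About</a>
<script>
  $.ajax({url: "/api/balance", type: "POST", data: {uid: 42}});
  $.get('/api/history?uid=42', render);
  var xhr = new XMLHttpRequest();
  xhr.open("GET", "/api/withdraw?amount=1&to=1abc", true);
  fetch("/api/v2/session", {method: "DELETE"});
</script>
</body></html>
"""

# Call shapes covered: $.ajax({...}), $.get/$.post(url), xhr.open(method, url),
# fetch(url[, {method: ...}]). Option bodies are matched up to the first '}',
# which is enough to reach url/type in the usual option-object layout.
AJAX_RE = re.compile(r"\$\.ajax\(\s*\{(?P<body>[^}]*)", re.S)
SHORTHAND_RE = re.compile(r"\$\.(?P<method>get|post)\(\s*['\"](?P<url>[^'\"]+)['\"]")
XHR_RE = re.compile(r"\.open\(\s*['\"](?P<method>\w+)['\"]\s*,\s*['\"](?P<url>[^'\"]+)['\"]")
FETCH_RE = re.compile(r"\bfetch\(\s*['\"](?P<url>[^'\"]+)['\"](?:\s*,\s*\{(?P<body>[^}]*))?", re.S)
URL_KEY_RE = re.compile(r"\burl\s*:\s*['\"](?P<url>[^'\"]+)['\"]")
METHOD_KEY_RE = re.compile(r"\b(?:type|method)\s*:\s*['\"](?P<method>\w+)['\"]")


def _method_from(body, default="GET"):
    """Read type:/method: out of an option object; jQuery and fetch default to GET."""
    m = METHOD_KEY_RE.search(body or "")
    return m.group("method").upper() if m else default


def _endpoint(method, url):
    """Normalise to (METHOD, path, sorted parameter names) so duplicates collapse."""
    parts = urlsplit(url)
    params = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
    return (method, parts.path, params)


def extract_endpoints(source):
    """Return a sorted list of unique endpoints referenced from script in `source`."""
    found = set()
    for m in AJAX_RE.finditer(source):
        u = URL_KEY_RE.search(m.group("body"))
        if u:
            found.add(_endpoint(_method_from(m.group("body")), u.group("url")))
    for m in SHORTHAND_RE.finditer(source):
        found.add(_endpoint(m.group("method").upper(), m.group("url")))
    for m in XHR_RE.finditer(source):
        found.add(_endpoint(m.group("method").upper(), m.group("url")))
    for m in FETCH_RE.finditer(source):
        found.add(_endpoint(_method_from(m.group("body")), m.group("url")))
    return sorted(found)


def main():
    for method, path, params in extract_endpoints(SAMPLE_PAGE):
        print(f"{method:6s} {path:20s} params={','.join(params) or '-'}")


if __name__ == "__main__":
    main()
```

The output is a worklist, not a finding: each entry still has to be replayed by hand without the session cookie, with another user's `uid`, and without whatever CSRF token the page form carried, which is where the bugs the scanner missed actually show up. The extraction is regex-based, so minified bundles and URLs assembled at runtime will need a proxy log instead.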


Title: Re: Service: security audits
Post by: highlevelminer on April 18, 2012, 11:38:39 PM
Nice!

I plan on getting into the network security sector myself, so anyone interested in any tidbits on network security, feel free to ask.

I can offer semi-professional advice.

:)


Title: Re: Service: security audits
Post by: a nice guy on April 19, 2012, 06:42:40 AM
Hello highlevelminer,

I don't mean to be rude, but could you please use your own thread?!


kind regards,
a nice guy


Title: Re: Service: security audits
Post by: highlevelminer on April 19, 2012, 06:54:39 AM
Not a problem.


Title: Re: Service: security audits
Post by: a nice guy on April 21, 2012, 10:16:35 AM
Hello,

I just want to inform you that my email address has changed.
It's now http://img4me.com/Wez3.png.


kind regards,
a nice guy


Title: Re: Service: security audits
Post by: Retard on June 01, 2012, 10:02:37 PM
Nice service, has reported a little error.


Title: Re: Service: security audits
Post by: BitcoinOPX on July 29, 2012, 11:56:55 PM
Good service!


Title: Re: Service: security audits
Post by: mistfpga on July 30, 2012, 07:58:52 AM
Hi,

I have a couple of quick questions,

Would you please advise what standards you audit against?

What accreditation will I receive upon successful audit, and from what body? Which body has licensed you to give this accreditation? How long do you have left before you need to reapply for a licence?

Do you do CREST and CHECK audits too? How about OWASP? Which guidelines do you use?

This thread might help?

https://bitcointalk.org/index.php?topic=93118.0


Title: Re: Service: security audits
Post by: davout on July 30, 2012, 08:07:29 AM
Hello,
 
I would like to announce that I now offer my knowledge as part of an audit service.
 
Some things about me:
I love security and I love to exploit it.
I've been a web developer for many, many years and have always been interested in security.
In the past weeks I've reported numerous vulnerabilities to various Bitcoin-related websites.
 
If you want me to audit your site, please contact me at:
http://img4me.com/Wez3.png
 
Every vulnerability that I find will not be disclosed to anyone but you.
 
kind regards,
a nice guy

Interesting, any references?


Title: Re: Service: security audits
Post by: NRF on July 30, 2012, 08:32:05 AM
Are you able to do ISO/IEC 27001 accreditation?

I would love to find someone that can, for bitcoins. It would have a good chance of swaying my employers (the board, mainly) into getting more involved in cryptocurrencies.

The clients that we do software for regularly move considerable amounts of digital currency across borders (legally). It is part of the reason that I am doing more research into the subject of bitcoin and its ilk.


Title: Re: Service: security audits
Post by: mistfpga on July 30, 2012, 10:07:44 AM
In the past weeks I've reported numerous vulnerabilities to various Bitcoin-related websites.

Just noticed this... Did these various Bitcoin websites ask you to pentest their site for them? Or did you just decide to poke around at their server and see what happened?

I really hope it is not the latter... that would make me sad... and it would mean that you didn't get your get-out-of-jail-free card signed before you 'helped' them out.

If it is the former, keep up the good work :)


Title: Re: Service: security audits
Post by: a nice guy on July 30, 2012, 06:55:41 PM
Hello,

To clarify a few things: I am not a professional, nor will I reveal my identity.

Some of you might think that I am a script kiddo or something in that direction,
but I can assure you that I am not.

These audits/pentests are for my further personal education and to help
the Bitcoin community.
I have written a ton of PHP code in the past years and I know where possible vulnerabilities
may exist.
When pentesting a site, I use the site as it was intended to be used and get some knowledge about the
style the site was developed in, which can be very useful.
After I have done that, I poke around a little, look for inconsistencies or weird results and try to
figure out if there are actual exploits.
Basically, I cover the whole OWASP Top 10.


I did pentest some sites where the owner didn't ask me to do it.
I am fully aware of the risks and potential consequences; that's the reason I am using Tor.


Thank you all for your interest.

kind regards,
a nice guy
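The method described in the post above, use the site normally, then poke at inputs and watch for inconsistencies or weird results, is exactly how injection in string-built SQL (the OWASP Top 10 injection category, and the most common defect in hand-written PHP of that era) is found by hand: a lone quote changes the response, and a quote-balanced payload brings the normal response back. The code below is an added example, not code from the thread or from any site audited in it; it builds a throwaway SQLite-backed lookup in both the concatenated and the parameterized form and a three-request probe that applies that heuristic. The table, the handlers and the payloads are all constructed for the demo.

```python
"""Quote / quote-balanced probe for injection in a string-built query.

Added example, not code from the thread. Both handlers and the data are
constructed for the demo: the vulnerable one mirrors the concatenated-SQL
pattern common in hand-written PHP, the hardened one binds the parameter.
"""
import sqlite3


def make_db():
    # Constructed sample table; nothing here comes from a real site.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, balance REAL)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", 0.5), (2, "bob", 12.0)])
    return db


def lookup_vulnerable(db, name):
    """Deliberately vulnerable: user input is concatenated into the SQL text."""
    sql = "SELECT id, name, balance FROM users WHERE name = '" + name + "'"
    try:
        return {"status": 200, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        # Real apps surface this as a 500 page or a visible DB error; either
        # way the response differs from the baseline, which the probe keys on.
        return {"status": 500, "rows": [], "error": str(exc)}


def lookup_hardened(db, name):
    """Same query with a bound parameter: the quote is data, not syntax."""
    rows = db.execute(
        "SELECT id, name, balance FROM users WHERE name = ?", (name,)).fetchall()
    return {"status": 200, "rows": rows}


def probe_injection(handler, db, value="alice"):
    """Three-request heuristic: baseline, a lone quote, a quote-balanced tail.

    Injection is flagged only when the lone quote changes the response AND the
    balanced payload reproduces the baseline. A parameterized query also
    returns something different for "alice'" (no such user), but it never
    returns the baseline for "alice' AND 'a'='a", so it is not flagged.
    """
    baseline = handler(db, value)
    broken = handler(db, value + "'")
    balanced = handler(db, value + "' AND 'a'='a")
    quote_breaks = (broken["status"], broken["rows"]) != (baseline["status"], baseline["rows"])
    balance_restores = (balanced["status"], balanced["rows"]) == (baseline["status"], baseline["rows"])
    return quote_breaks and balance_restores


def main():
    db = make_db()
    for label, handler in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(f"{label:10s} injectable={probe_injection(handler, db)}")
    # The tautology every manual tester tries next: it dumps the whole table
    # through the vulnerable handler and matches nothing through the hardened one.
    print("vulnerable dump:", lookup_vulnerable(db, "x' OR '1'='1"))
    print("hardened  dump:", lookup_hardened(db, "x' OR '1'='1"))


if __name__ == "__main__":
    main()
```

The probe is the same three requests a tester sends by hand while "poking around"; the point of writing it down is the decision rule in the middle, which is what separates a real injection point from an input that merely fails to match. It is deliberately string-based rather than error-based so it also works when the application swallows database errors and only the row set changes.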