a nice guy (OP)
April 06, 2012, 02:41:11 PM Last edit: April 21, 2012, 10:15:25 AM by a nice guy
Hello,
I would like to announce that I now offer my knowledge as part of an audit service.
Some things about me: I love security and I love to exploit it. I've been a web developer for many, many years and I have always been interested in security. In the past weeks I've reported numerous vulnerabilities to various Bitcoin-related websites.
If you want me to audit your site, please contact me at: http://img4me.com/Wez3.png
Every vulnerability that I find will not be disclosed to anyone but you.
kind regards, a nice guy

Blind
April 06, 2012, 07:44:30 PM
Out of curiosity, how much do you charge for pen testing?
Government is not the solution to our problem. Government is the problem. -- Ronald Reagan

a nice guy (OP)
April 06, 2012, 08:47:53 PM
Hey Blind,
it depends on the size of the site. I had in mind getting something upfront and a "bounty" for every vulnerability.
kind regards, a nice guy

bccasino
April 15, 2012, 09:27:46 PM
hi
just a quick note to let you know that we used OP's expertise and are very happy about the result of the audit and the possible vulnerabilities that were put to light and fixed by OP.
I can only recommend this service to anyone that cares about their customers' privacy.
thanks

Xenland
April 16, 2012, 01:11:40 AM
I've noticed that no security scanner will detect ajax vulnerabilities, are ajax vulnerabilities a part of your services?

a nice guy (OP)
April 16, 2012, 05:17:55 PM
Hello Xenland,
I will search for ajax-vulnerabilities too.
kind regards, a nice guy

Xenland
April 17, 2012, 04:43:46 AM
> Hello Xenland,
> I will search for ajax-vulnerabilities too.
> kind regards, a nice guy
Excellent, excellent, I'll be contacting you before the end of the month in that case.

highlevelminer
April 18, 2012, 11:38:39 PM
Nice! I plan on getting into the networking security sector myself, so anyone interested in any tidbits on network security, feel free to ask. I can offer semi-professional advice.

a nice guy (OP)
April 19, 2012, 06:42:40 AM
Hello highlevelminer,
I don't mean to be rude, but could you please use your own thread?!
kind regards, a nice guy

highlevelminer
April 19, 2012, 06:54:39 AM
Not a problem.

a nice guy (OP)
April 21, 2012, 10:16:35 AM
Hello,
I just want to inform you that my email address has changed. It's now http://img4me.com/Wez3.png.
kind regards, a nice guy

Retard
Prime Minister
June 01, 2012, 10:02:37 PM
Nice service, has reported a little error.

BitcoinOPX
July 29, 2012, 11:56:55 PM
Good service!

mistfpga
July 30, 2012, 07:58:52 AM
Hi, I have a couple of quick questions. Would you please advise to what standards you audit against? What accreditation will I receive upon successful audit, and from what body? Which body has licensed you to give this accreditation? How long do you have left before you need to reapply for a licence? Do you do CREST and CHECK audits too? How about OWASP? Which guidelines do you use?
This thread might help? https://bitcointalk.org/index.php?topic=93118.0

davout
July 30, 2012, 08:07:29 AM
> Hello, I would like to announce that I now offer my knowledge as part of an audit service. Some things about me: I love security and I love to exploit it. I've been a web developer for many, many years and I have always been interested in security. In the past weeks I've reported numerous vulnerabilities to various Bitcoin-related websites. If you want me to audit your site, please contact me at: Every vulnerability that I find will not be disclosed to anyone but you. kind regards, a nice guy
Interesting, any references?

NRF
July 30, 2012, 08:32:05 AM
Are you able to do ISO/IEC 27001 accreditation?
I would love to find someone that can for Bitcoins. It would have a good chance to sway my employers (the board mainly) into getting more involved in crypto currencies.
The clients that we do software for regularly move considerable amounts of digital currency across borders (legally). It is part of the reason that I am doing more research into the subject of bitcoins and its ilk.

mistfpga
July 30, 2012, 10:07:44 AM
> In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
Just noticed this... Did these various bitcoin websites ask you to pentest their site for them? Or did you just decide to poke around at their server and see what happened? I really hope it is not the latter... that would make me sad... and it would mean that you didn't get your get-out-of-jail-free card signed before you 'helped' them out. If it is the former, keep up the good work.

a nice guy (OP)
July 30, 2012, 06:55:41 PM
Hello,
to clarify a few things: I am not a professional, nor will I reveal my identity.
Some of you might think that I am a script kiddo or something in that direction, but I can assure you that I am not.
These audits/pentestings are for my further personal education and to help the bitcoin community. I have written a ton of PHP code in the past years and I know where possible vulnerabilities may exist. When pentesting a site I use the site as it was intended and get some knowledge about the style the site was developed in, which can be very useful. After I have done that, I poke around a little bit, look for inconsistencies or weird results, and try to figure out if there are actual exploits. Basically, I cover the whole OWASP Top 10.
I did pentest some sites where the owner didn't ask me to do it. I am fully aware of the risks and potential consequences; that's the reason I am using Tor.
thank you all for your interest
kind regards, a nice guy