Testing for potential/actual vulnerability of the site


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
4 views
The question arose whether the Runet people who do this for a living, how much it costs and what is generally considered.
For example, if I can find a man with whom we will make a price(xss,sql inj,shell, access to source code) and he digs, and I pay for what I got.
Interested in black box testing, when the "attacker" digs wherever possible, having only a basic knowledge.

PS: the Question relates to the projects owned by me and not the competitors/foes/Google.
by | 4 views

4 Answers

0 like 0 dislike
What the site says? What database is used?
by
0 like 0 dislike
Try to ask @devteev (it is, and on habré). A friend working in the company of Positive Technologies, and deals with just information security.
by
0 like 0 dislike
There are antichat.ru
by
0 like 0 dislike
There is a white hat is black hat. Is audit from the branded companies like positive or groupib. This is all, of course, is a lot depends on the volume of work and goals.

If you have a simple website in-house, then it is relatively easy. But if a CMS or large infrastructure, and the complexity and time increase. Not very clear what you want: a piece of paper, you're good, or to the bitter torment of a hacker to find a vulnerability in those areas in which you doubt :)

In any case, look to the side of the security scanners like acunetix.com or metascan.ru they do the same thing, dig only basic knowledge, but automatically. It's faster and cheaper.
by
110,608 questions
257,186 answers
0 comments
27,842 users