5 Rules for the “free” Security Assessment
You’ve probably seen it before: you are courting a customer who actually has a security team, one that actually audits its partners and vendors and actually insists that security matter to the company. This customer wants to perform a security assessment of your organization – it might be an automated web scan, or it might be a full-blown ISO assessment. Your sales/marketing/whoever person sends off an email like this:
Subject: Fwd: Security Assessment for widget services
Hi Guys, this is a huge opportunity for us but the customer would like to perform a security assessment before we move forward. It sounds like a great opportunity to get some free ethical hacking done and know what kinds of issues we have. What information do you need to allow them to move forward?
So, when you get this (and you eventually will), here are some things to think about.
