
Topic: Service: security audits (Read 2948 times)

newbie
Activity: 27
Merit: 0
July 30, 2012, 01:55:41 PM
#18
Hello,

to clarify a few things: I am not a professional, nor will I reveal my identity.

Some of you might think that I am a script kiddo or something in that direction,
but I can assure you that I am not.

These audits/pentestings are for my further personal education and to help
the bitcoin-community.
I have written a ton of PHP-Code in the past years and I know where possible vulnerabilities
may exist.
When pentesting a site I use the site as it was intended and get some knowledge about the
style the site was developed in, which can be very useful.
After I have done that, I poke around a little bit, look for inconsistencies or weird results and try to
figure out if there are actual exploits.
Basically, I cover the whole OWASP top 10.


I did pentest some sites where the owner didn't ask me to do it.
I am fully aware of the risks and potential consequences, that's the reason I am using tor.


thank you all for your interest

kind regards,
a nice guy
 

member
Activity: 86
Merit: 13
July 30, 2012, 05:07:44 AM
#17
In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.

Just noticed this... Did these various bitcoin websites ask you to pentest their site for them? Or did you just decide to poke around at their server and see what happened?

I really hope it is not the latter... that would make me sad... and it would mean that you didn't get your get out of jail free card signed before you 'helped' them out.

If it is the former, keep up the good work :)
NRF
sr. member
Activity: 279
Merit: 250
July 30, 2012, 03:32:05 AM
#16
Are you able to do ISO/IEC 27001 accreditation?

I would love to find someone that can for Bitcoins.  It would have a good chance to sway my employers (the board mainly) into getting more involved in cryptocurrencies.

The clients that we do software for regularly move considerable amounts of digital currency across borders (legally).  It is part of the reason that I am doing more research into the subject of bitcoin and its ilk.
legendary
Activity: 1372
Merit: 1008
1davout
July 30, 2012, 03:07:29 AM
#15
Hello,
 
I would like to announce that I now offer my knowledge as part of an audit-service.
 
Some things about me:
I love security and I love to exploit it.
I've been a web-developer for many, many years and I always was interested in security.
In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
 
If you want me to audit your site, please contact me at:

 
Every vulnerability that I find will not be disclosed to anyone but you.
 
kind regards,
a nice guy

Interesting, any references ?
member
Activity: 86
Merit: 13
July 30, 2012, 02:58:52 AM
#14
Hi,

I have a couple of quick questions,

Would you please advise to what standards you audit against.

What accreditation will I receive upon successful audit, and from what body? Which body has licensed you to give this accreditation? How long do you have left before you need to reapply for a licence?

Do you do CREST and CHECK audits too? How about OWASP? Which guidelines do you use?

This thread might help?

https://bitcointalksearch.org/topic/list-of-security-auditors-in-the-community-93118
member
Activity: 112
Merit: 10
July 29, 2012, 06:56:55 PM
#13
Good service!
vip
Activity: 448
Merit: 252
June 01, 2012, 05:02:37 PM
#12
Nice service, has reported a little error.
newbie
Activity: 27
Merit: 0
April 21, 2012, 05:16:35 AM
#11
Hello,

I just want to inform you, that my email-address has changed.
It's now http://img4me.com/Wez3.png.


kind regards,
a nice guy
newbie
Activity: 42
Merit: 0
April 19, 2012, 01:54:39 AM
#10
Not a problem.
newbie
Activity: 27
Merit: 0
April 19, 2012, 01:42:40 AM
#9
Hello highlevelminer,

I don't mean to be rude, but could you please use your own thread?!


kind regards,
a nice guy
newbie
Activity: 42
Merit: 0
April 18, 2012, 06:38:39 PM
#8
Nice!

I plan on getting into the networking security sector myself so anyone interested in any tidbits on network security feel free to ask.

I can offer semi-professional advice

:)
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
April 16, 2012, 11:43:46 PM
#7
Hello Xenland,

I will search for ajax-vulnerabilities too.

kind regards,
a nice guy

Excellent, excellent, I'll be contacting you before the end of the month in that case.
newbie
Activity: 27
Merit: 0
April 16, 2012, 12:17:55 PM
#6
Hello Xenland,

I will search for ajax-vulnerabilities too.

kind regards,
a nice guy
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
April 15, 2012, 08:11:40 PM
#5
I've noticed that no security scanner will detect ajax vulnerabilities; are these ajax vulnerabilities a part of your services?
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
April 15, 2012, 04:27:46 PM
#4
hi

Just a quick note to let you know that we used OP's expertise and are very happy about the result of the audit and the possible vulnerabilities that were brought to light and fixed by OP.

I can only recommend this service to anyone that cares about their customers' privacy.

thanks


 
newbie
Activity: 27
Merit: 0
April 06, 2012, 03:47:53 PM
#3
Hey Blind,

it depends on the size of the site.
I had in mind getting something upfront and a "bounty" for every vulnerability.

kind regards,
a nice guy
full member
Activity: 235
Merit: 100
April 06, 2012, 02:44:30 PM
#2
Out of curiosity, how much do you charge for pen testing?
newbie
Activity: 27
Merit: 0
April 06, 2012, 09:41:11 AM
#1
Hello,
 
I would like to announce that I now offer my knowledge as part of an audit-service.
 
Some things about me:
I love security and I love to exploit it.
I've been a web-developer for many, many years and I always was interested in security.
In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
 
If you want me to audit your site, please contact me at:
http://img4me.com/Wez3.png
 
Every vulnerability that I find will not be disclosed to anyone but you.
 
kind regards,
a nice guy