How to find a resource: Security Audit

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
maxd
Forum Commoner
Posts: 41
Joined: Sun Dec 04, 2005 12:12 am
Location: Denver

How to find a resource: Security Audit

Post by maxd »

Our small company has been building Web sites for 9 years, but only in the past 2 have we started using PHP and MySQL. Most of our sites were static HTML, then ColdFusion. Increasingly, we are using PHP.

I am at best an amateur PHP developer, and while my business partner is an expert programmer, his specialty is multimedia, so Lingo is his area of expertise. I frequently post to this board and receive excellent assistance from the community of developers here. It has occurred to me recently, based on the responses to a couple of my questions, that the code I am creating may well be...er...inadequate. :oops: Especially when it comes to security.

I'm wondering if anyone has recommendations for finding reliable, expert assistance, paid, to provide audit services for some of our development projects. Our clients have gotten bigger, and I'm increasingly concerned about the possibility of these larger targets attracting unwanted attention, and my code being well-below standards for protecting our clients from embarassment/catastrophe. 8O

I tried finding a PHP Users Group in Denver (where we're located), but there doesn't seem to be a lot out there.

Thanks for your input.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You could always post in Job Hunt that you are looking for a PHP Security Consultant/Analyst. There are plenty of people around here that have a knack for Security (to me that would most noticeably be Maugrim the Reaper), but there are others that are really expert level PHP Security guru's.
maxd
Forum Commoner
Posts: 41
Joined: Sun Dec 04, 2005 12:12 am
Location: Denver

Post by maxd »

You could always post in Job Hunt that you are looking for a PHP Security Consultant/Analyst. There are plenty of people around here that have a knack for Security
I was just browsing through the jobs forum, contemplating the same idea.

I guess what I was hoping was, someone would say "Oh, what about XYZ? He/she/they/it lives in Colorado!" For whatever reason, I'm hoping to find a local resource. Very old-fashioned of me, I know. I feel a bit strange turning over the keys to a couple of these sites to someone I've never met. No offense meant to anyone! :P

Perhaps we will post in the Jobs forum. I'll discuss with my partner.

Thanks!
max
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I find that a bit odd since i don't know very much script kiddies that think: hey, he lives in the same area... ;)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

maxd wrote:I feel a bit strange turning over the keys to a couple of these sites to someone I've never met. No offense meant to anyone! :P
No offense taken (I'd hope by anyone). It is perfectly understandable. At some point however you are going to have to turn it over to someone that you may not know, so keep that in mind as well. Of course, ultimately you are the decision maker when it comes down to turning it over at all, but it is always a good idea to have someone review your code before pushing it live.
maxd
Forum Commoner
Posts: 41
Joined: Sun Dec 04, 2005 12:12 am
Location: Denver

Post by maxd »

I find that a bit odd since i don't know very much script kiddies that think: hey, he lives in the same area.
Certainly, that was wishful thinking.
Post Reply