Professional PHP Security Audit - Recommended Companies

brooky

Hello,

I used to use a fantastic company for professional security audits of our commercial script but they have closed their doors now. Can anyone recommend a company who can carry out a professional security audit on our PHP ecommerce script?

piersk

Does it have to be someone who specifically deals with PHP sites? Having worked on a few sites that needed to be pen-tested, most of our clients seem to use KPMG I believe.

brooky

Thanks for your response. I'd rather have a human read the code who specialized in PHP. Our last Auditor took two weeks to do it.

I'll have a look at KPMG now. I can't say I've heard of it before.

piersk

They do stuff like testing sql injection etc etc

I don't think it was them, but one company got details from our company website and tried to get into the datacentre that we use using a fake ID as one of the directors. Lucky we have good datacentre hosts.

Elizabeth

You can also try OmniTI - that's who bought Chris Shiflett out and they do security audits.

You can also try Stephen Esser's group at Hardened PHP; I know they do audits too.