Suggestions for security code audit expert?

I want to get the source code of my marketplace software security reviewed.

Code is PHP, NodeJS and Bitcoin-code/wrappers.

I asked some industry professionals, they charge like 700 Euro a day. And calculate 3 to 10 days: 3 days for a short basic audit, 10 days would be a pretty intensive audit.

Thing is, I wanted to get 2 or 3 independent reviews, so it's gonna be pretty expensive if I just use proven professionals.

Like 5 days * 700 E * three independent reviews == 10000 Euro. Pretty expensive.

So my question is, who can suggest/recommend trusted code auditors that are a bit cheaper, but still well skilled and respected?

I know some random(?) people in dark market scene or normal cybercrime scene offer code audits as service. But who is trusted? Who can I use? (Who should I avoid, like rippers, non-skilled idiots giving bad audits, ...).

I would pay $50 tip/fee/thank you to anyone suggesting a service I later book/use. And $10 to everyone giving a solid answer.

(I need trusted contacts, so my audits have some credibility to dark scene community. I/nobody gains something if I get a code audit from a hyper-intelligent Russian wonderkid coder, because if he is unknown, no one would believe a code audit was done.)

Thank you. Fuck the police. Fuck all girls. Take drugs. Do business. Stay safe.


Comments


[6 Points] None:

[deleted]


[2 Points] None:

I am not sure if it is a real good idea to give your code out to anybody given the nature of your business.

You could run a mirror of your site on a different server and let hackers and pentesters hunt bugs and vulns for bounties.


[2 Points] None:

[deleted]


[1 Points] mijaw:

Just ask somebody to help you represent your site at some IT company and they will do it for money. Any legal company can audit code, you don't need hackers for that. You will not give them a ready-made site with drug categories, but a clean site for e-commerce. Every country has professional IT companies, so find them, they can do it for money. Just put another person to represent your site, it is a security measure for you. You should stay in the shadow.

I could do it for you, I can find a company to check the site for different types of attacks, but I would not do it for 50 bucks, only if you let me keep the code for myself and publish a competitive site, of course with changed design. If you think competition is bad, you are wrong. If thousands of refugees come from SR, Utopia... to your market, police can find out the overloaded Tor server. Therefore they make flood attacks on markets, to find the server. Therefore backopy shut down BMR, therefore he was happy that his admins made Utopia market. More markets are better than one market, better for your own security.

So, if you are selfish, you should find help by yourself. If you are smart, you will support competition and you will make a nice profit in any case. So, let me keep the code with changed design and we can make a deal.

Don't forget cops will offer to audit your code too, or some hacker snitch, he can send you a fake solution and implement a backdoor in your code.


[1 Points] None:

Maybe try going at it with Kali or something, so at least it's hardened enough to deal with script kiddies. Not that I know what I'm talking about, mind.


[-7 Points] None:

I can offer a pen-test.