Web application security testing pricing

From: Lachniet, Mark (mlachniet_at_sequoianet.com)
Date: 10/06/03

  • Next message: Daniel Nylander: "Re: Wireless Pent-Test" 
    Date: Mon, 6 Oct 2003 10:50:27 -0400
To: <cisspforum@yahoogroups.com>, <pen-test@securityfocus.com>

    Hello all,

    Please forgive the cross-posting. I was wondering if anyone could
    comment on how they have seen web application security analysis work
    priced. By this, I do not mean the typical vulnerability assessment,
    but an assessment of the ASP/SQL code - looking for SQL injections, for
    example. I'm curious to hear from both consultants who offer the
    services, and managers who have purchased it. Also, if this was largely
    automated (using SPI or Sanctum for example) or if there was a lot of
    hands-on analysis by a skilled tester.

    It seems that the industry is somewhat inconsistent in this regard,
    which makes it difficult for organizations to select the most
    appropriate service for their needs. If I get sufficient responses, I
    will try to summarize the comments.

    Thanks,

    Mark Lachniet

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------

  • Next message: Daniel Nylander: "Re: Wireless Pent-Test"