Re: pricing model for Pen-test

From: Martin Mačok (martin.macok_at_underground.cz)
Date: 11/13/03

  • Next message: William J. Craig: "RE: Security Posture Assessment" 
    Date: Thu, 13 Nov 2003 10:41:50 +0100
To: pen-test@securityfocus.com

    On Wed, Nov 12, 2003 at 08:47:53PM -0000, a55mnky@yahoo.com wrote:

    > We are responding to an RFP with very little detail - client has
    > 6 class C networks. We have been given no information on how many
    > hosts are live on each and/or how many services are offered on any
    > hosts. Any suggestions on how to price the engagement

    We always ask for permission to do a "sweep" portscan before we make
    the final offer and the price is based on number of open ports and the
    type of ports - webserver (ports 80 and 443) usually costs a little
    more than a router (ports 23, 123) etc.

    Something like
    nmap -sS -P0 -vvv --max_rtt_timeout=<XXX> -T2 -p<TOP60> <DEST.RANGE> 

    -- 
         Martin Mačok                 http://underground.cz/
   martin.ma***@underground.cz        http://Xtrmntr.org/ORBman/
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------
  • Next message: William J. Craig: "RE: Security Posture Assessment"
    • Quantcast