Pen-testing - pricing model
- From: Chris Stromblad <chris@xxxxxxxxxxx>
- Date: Thu, 30 Nov 2006 09:59:58 +0000
Hi list,
Those of you who work with this professionally, what sort of pricing model do you use? How do you assess what should be charged for the test? Considering the fact that there are many types of pen-tests and all have different scope. I'm having a hard time figuring out if the prices that has been given to me are reasonable.
Say I were to give you one of the following scenarios, what would you charge (roughly):
1. "Black box with shades of gray", 2 /24 networks, not all devices are active. External scan.
2. Internal scan, only devices
3. Internal scan, procedures, physical security and devices
I know this question is somewhat difficult to answer, because there is no correct answer, but any advice is welcome.
Cheers,
Chris
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Follow-Ups:
- Re: Pen-testing - pricing model
- From: Davide Carnevali
- Re: Pen-testing - pricing model
- From: Christine Kronberg
- Re: Pen-testing - pricing model
- From: Michael Weber
- RE: Pen-testing - pricing model
- From: Omar Herrera
- Re: Pen-testing - pricing model
- Prev by Date: RE: Outgoing Port Check
- Next by Date: RE: Outgoing Port Check
- Previous by thread: RE: Outgoing Port Check
- Next by thread: RE: Pen-testing - pricing model
- Index(es):
Relevant Pages
|
