Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pen-test pricing

from [Nathan Sportsman] Network Security [Permanent Link]
Subject: Re: Pen-test pricing
Date: Thu, 3 Feb 2005 11:22:09 -0600 (CST) 

The client is interested in the bottom line: how much am I going to pay
and what am I getting for my money. Generally, what the client wants is an
estimate for the total cost of the project. At my company, the estimation
is derived by the number of man hours required to fulfill the project's
deliverables.

I have seen some companies follow a per server based pricing model;
however, it has been my experience that the level of service these
companies offer is nothing more than an automated vulnerability scan.
Because the quality of work isn't very good, the time spent on each system
isnt very long. Subsequently, the consulting company can significantly
beef up its margins by charging on a per server rather than a per hour
basis. In the end, the client pays for it, figuratively and literally. I
do not agree with this. As you know the complexity between servers varies
and subsequently the time needed to test varies as well. I believe the an
hourly rate is the best way to charge for your services, where the rate
you charge depends on your credentials and the quality of service your
service.

Nathan Sportsman
Praetorian Security Solutions


Does anyone have any good figures on pricing for pen-tests?  Is charging
done per server, location, or hour?  Any help would be appreciated.

::andre::

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Pen-test pricing, Faisal Khan
Next by Date:  Re: Google getting smarter ?!?!, Matthew . Dalton
Previous by Thread:  Re: Pen-test pricing, Faisal Khan
Next by Thread:  Re: Pen-test pricing, Marc
Indexes:  [Date] [Thread] [Top] [All Lists]