Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pen-testing - pricing model

from [Davide Carnevali] Network Security [Permanent Link]
Subject: Re: Pen-testing - pricing model
Date: Mon, 04 Dec 2006 12:13:54 +0100 
Generally Pen Test should be a "time based" activity.

You define targets, goals and TIME within achieve these goals.

Once TIME is defined, with the client, you get the price.

Skills are not part of the pricing model: skills affect TIME and goals.

My 2 cents

Chris Stromblad ha scritto: 
Hi list,

Those of you who work with this professionally, what sort of pricing model do you use? How do you assess what should be charged for the test? Considering the fact that there are many types of pen-tests and all have different scope. I'm having a hard time figuring out if the prices that has been given to me are reasonable.

Say I were to give you one of the following scenarios, what would you charge (roughly):

1. "Black box with shades of gray", 2 /24 networks, not all devices are active. External scan.

2. Internal scan, only devices

3. Internal scan, procedures, physical security and devices

I know this question is somewhat difficult to answer, because there is no correct answer, but any advice is welcome.

Cheers,
Chris


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------ 

--

Davide Carnevali
CEO
Protechta - Information Security
OPST, CCSP
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
e-mail: davide@protechta.it
Disclaimer: http://www.protechta.it/disclaimer

------------------------------------------------------------------------
Chi riceve il  presente  messaggio e' tenuto a  verificare  se lo  stesso
non gli sia pervenuto per  errore.  In  tal caso e` pregato  di avvisare
immediatamente  il   mittente  e,  tenuto  conto  delle   responsabilita'
connesse  all'indebito  utilizzo  e/o  divulgazione  del  messaggio  e/o
delle  informazioni  in esso contenute,  voglia  cancellare  l'originale
e distruggere  le varie copie  o stampe.

The receiver of this message is required to check if he/she has received
it  erroneously.  If  so,  the   receiver  is  requested  to immediately
inform the sender and - in consideration of the responsibilities arising
from undue use and/or disclosure of the message  and/or  the information
contained therein - destroy the original message and any copy or printout
thereof.
-------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re[2]: Generating awareness amongst IT staff, pand0ra
Next by Date:  Re: RE: CISSP, mr . nasty
Previous by Thread:  Re: Pen-testing - pricing model, Christine Kronberg
Next by Thread:  Re: Pen-testing - pricing model, Kish Pent
Indexes:  [Date] [Thread] [Top] [All Lists]