Re: Pen-testing - pricing model

  Davide,

> Skills do not relate to the time you need to do the test.
> Pen Test means "Try to get in and tell me what you can reach".

  And then you tell the customer that you didn't accomplish a
  thing because you didn't had a clue what to do and not enough
  time to get the clue?!
  Yes, time does relate to skills. Directly. My skills enable me
  not only to perform the testing but read the results correctly
  in a reasonable time to fire off the next proper set of tests.

> When you perform a pen test you must define:
> - Targets
> - (reasonably) goals
> - Timeframe within achieve these goals
> - Areas of the test (Internet, X.25, PSTN, Wi-fi/Bluetooth etc.): if you 
> define these, you are probably limiting the "vision" of the test and the 
> achievement of your goals
>
> You have to achieve these goals within a given timeframe.
>
> In this scenario, skills relate to the goals you reach.

  100% agree. And there are times that I am not able to reach the
  goals in the given time simply because I cannot do it while others
  can. Because my set of skills simply do not match. So I tell my
  customer to give the job to someone else.

  Cheers,

  Chris.




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------