mailing list archives
Re: [PEN-TEST] Cost of Penetration Testing
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 12 Sep 2000 11:11:47 -0700
A previous consulting service company that I used to work for quotes 6 or 8
machines for $25,000, and then scaled upward, depending on the number of
machines to be scanner, number of policies to be reviewed, number of
employees to be interviewed, number of days to complete the objectives of
the engagement, plus number of network nodes to investigate
the $25,000 would get 10 days of two people (cross-check), a nicely bounded
report, a nifty powerpoint presentation and the data
The money is not really in the penetration or assessment phase but the
follow on work: (i.e. policy/procedures, network architecture, system
hardening, source code review, etc).
Everyone is missing it, the penetration test/assessment gets your foot in
the door, low investment on the customer's behalf, and then you whack with
them with the line items.
At 01:42 PM 9/12/00 -0400, Naomi Rubin wrote:
Also, I know that www.canaudit.com has some prices on their website.
It seems it was a simple question, how much does it cost, and there's been
a lot of answers but not to the question.
Try that website. Never saw any prices published anywhere else but looked
there and at the big 5 so you know they're not publishing prices!
>>> Oliver Petruzel <oliverpetruzel () EMAIL COM> 09/12 12:50 PM >>>
There are a few good articles in last month's and this month's issue of
"Information Security". Go to:
IT's FREE and the articles are good enough to make it worth signing up.
It's an actual printed mag! (they still exist!)
The articles I'm speaking of are related to the decision process and the
definitions of "Assessments, pentests, and audits."
It's a four-part series. They go into cost and SOW issues.
Check them out to get a good idea of the various options security firms
have and how to decide when each is applicable in any given situation.
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com