Home page logo

pen-test logo Penetration Testing mailing list archives

RE: What to spend on a pentest
From: "Michael Scheidell" <scheidell () secnap net>
Date: Tue, 1 Aug 2006 22:40:07 -0400

-----Original Message-----
From: mttdavis () hotmail com [mailto:mttdavis () hotmail com] 
Sent: Tuesday, August 01, 2006 11:33 AM
To: pen-test () securityfocus com
Subject: What to spend on a pentest

Can someone tell me what is a fair amount to spend on a 
decent pen-test with a simple class C network? 

Google for "penetration testing" and maybe your state (not that the
internet is bound by states)
Find a few companies that look like they know what they are doing and
ask them for a price and an outline of their methodology.

Also, are you looking for a 'hack the flag' test? Go till someone plants
a file on a protected computer? Or obtains otherwise restricted
information? Or are you looking for a full list of all possible

Are you going to ask for a test of the whole class c? or are you going
to give them a list of ip's you want to test?
(if they have to guess, or have to test all 255 ip's, it could cost

Big players will give you a specific/canned set of tests.  Some of the
smaller companies might be able to do something custom.

Get some quotes, throw away the most expensive and the cheapest.
Customer references will be hard (unless you identify yourself other
than from an anonymous 'hotmail' account)

Pick from the rest.
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Take a vacation from Spam: UP to 25% off of SpammerTrap services


This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]