Penetration Testing mailing list archives
Re: Pen-testing - pricing model
From: Kish Pent <kish_pent () yahoo com>
Date: Sat, 9 Dec 2006 00:35:26 -0800 (PST)
Hello all, :) I totally agree with carnevali davide, he's absolutely right because pen-test pricing is based on man hours put in for the work, not the goals or skills. In the company I work, the pricing is usually decided as follows. 1)Once the scope of the test is determined, the standard pricing per hour for 8 hours a day is determined. 2)The report is submitted in hard copy after the test is over with ROI analysis to prove the time-value trade off. Regards --- Davide Carnevali <carnevali () protechta it> wrote:
Generally Pen Test should be a "time based" activity. You define targets, goals and TIME within achieve these goals. Once TIME is defined, with the client, you get the price. Skills are not part of the pricing model: skills affect TIME and goals. My 2 cents Chris Stromblad ha scritto:Hi list, Those of you who work with this professionally,what sort of pricingmodel do you use? How do you assess what should becharged for the test?Considering the fact that there are many types ofpen-tests and all havedifferent scope. I'm having a hard time figuringout if the prices thathas been given to me are reasonable. Say I were to give you one of the followingscenarios, what would youcharge (roughly): 1. "Black box with shades of gray", 2 /24networks, not all devices areactive. External scan. 2. Internal scan, only devices 3. Internal scan, procedures, physical securityand devicesI know this question is somewhat difficult toanswer, because there isno correct answer, but any advice is welcome. Cheers, Chris
------------------------------------------------------------------------
This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or downloadHailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
-- Davide Carnevali CEO Protechta - Information Security OPST, CCSP Tel. +39 0521 2021 Fax. +39 0521 207461 http://www.protechta.it/ e-mail: davide () protechta it Disclaimer: http://www.protechta.it/disclaimer
Kishore Penetration Tester Smart Security 17/1,Upstairs,Sarojini St, T.Nagar , Chennai - 600 017 Phone: 91 98841 80767 ____________________________________________________________________________________ Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Pen-testing - pricing model Chris Stromblad (Dec 01)
- RE: Pen-testing - pricing model Omar Herrera (Dec 03)
- Re: Pen-testing - pricing model Michael Weber (Dec 03)
- Re: Pen-testing - pricing model Christine Kronberg (Dec 03)
- Re: Pen-testing - pricing model Davide Carnevali (Dec 04)
- Re: Pen-testing - pricing model Kish Pent (Dec 10)
- Re: Pen-testing - pricing model Christine Kronberg (Dec 11)
- Re: Pen-testing - pricing model Davide Carnevali (Dec 13)
- Re: Pen-testing - pricing model Clint Laskowski (Dec 16)
- Re: Pen-testing - pricing model Christine Kronberg (Dec 16)
- Re: Pen-testing - pricing model Davide Carnevali (Dec 16)
- Re: Pen-testing - pricing model Christine Kronberg (Dec 16)
- Re: Pen-testing - pricing model Davide Carnevali (Dec 16)
- LophtCrack and SAM Passwd William Woodhams (Dec 19)
- Re: LophtCrack and SAM Passwd Jerome Athias (Dec 20)
- Re: LophtCrack and SAM Passwd Justin Lintz (Dec 20)
- Re: Pen-testing - pricing model Kish Pent (Dec 10)