PaulDotCom mailing list archives
Vulnerability assessments and their cost
From: raffi at flossyourmind.com (Raffi Jamgotchian)
Date: Tue, 5 May 2009 22:29:20 -0400
It really depends on the scope of the assessment, how long you allow, and whether you want a complete assessment or just a penetration. The last time I contracted someone to do this for my previous organization we had to provide time limits in order to keep within budget. With that constraint they basically would provide a single avenue of attack until they got to soft area, at that point they would back out and try another vector, and so forth until time ran out. This was also a fairly reputable firm and they did an excellent job in my opinion. This was over 8 years ago so I don't know if they are still kicking around. I've also previous to that just gotten Nessus reports printed out and handed to me. This was about 12 years ago when I was a relative IT n00b (and not in management yet) Sometimes you do get what you pay for. You'll need to see sample reports that they have generated to get a gauge of the quality of their work. On May 5, 2009, at 5:10 PM, Jason Wood wrote:
I recently received some pricing on a web application vulnerability assessment from a large security service provider who shall remain nameless. This assessment basically consisted of using web application scanner, turning it loose, then performing some verification on the issues reported. No actual exploitation of the application would be done. The price was was fairly expensive. So I have some questions for the everyone. What seems to be the going rate for a: - Web application vulnerability assessment? - Network vulnerability assessment? - Wireless vulnerability assessment? I assume there is some disparity between the prices of a brand name security service provider and a smaller security company. Does anyone know what those differences in price would be? I'm trying to get some idea of what to expect as I contact different companies. I wouldn't mind knowing for any future private endeavors as well. :) Thanks for the help all. Jason _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Vulnerability assessments and their cost Jason Wood (May 05)
- Message not available
- Vulnerability assessments and their cost Norm and Lucie Arendt (May 05)
- Message not available
- Vulnerability assessments and their cost Raffi Jamgotchian (May 05)
- Vulnerability assessments and their cost Jason Wood (May 05)
- Vulnerability assessments and their cost Jim Halfpenny (May 06)
- Vulnerability assessments and their cost Paul Asadoorian (May 07)
- Vulnerability assessments and their cost Jason Wood (May 07)
- Vulnerability assessments and their cost Nathan Sweaney (May 07)
- Vulnerability assessments and their cost Jason Wood (May 05)