Penetration Testing mailing list archives
Re: [PEN-TEST] Cost of Penetration Testing
From: Deri Jones <Deri.Jones () NTA-MONITOR COM>
Date: Tue, 12 Sep 2000 18:23:59 +0100
At 12:05 12/09/00 -0400, you wrote:
The cost of the test would be dependent on the skills of the tester.
I'm not sure this helps any. It leaves the customer with the problem (which they have anyway) of trying to work out how good a particular tester is. But it actually subtly suggests that the customer should use price as the measure of quality... which is how the Big 5 sell so easily!
...snip I also tend to think that you get what you pay for
This is of course a truism, but only only really applies to markets that are more mature where customers can judge the quality of what they're offered more easily - I'm not sure it adds to the question in hand other than to mean 'don't hire the son of a staff member to do it just because he's low cost! I'm not even sure that if we polled a percentage of our >200 customers, that they would really know why they think we're good. Their staff are just not familiar enough with testing to be able to judge. (but maybe I'm making a fuss over nothing here - maybe it's the same when you take the car down the repair shop - when they say you need a new fu-fu valve, well - do you respect them more because they found that out, or suspect that they're exploiting your ignorance to sell repairs you don't need...:<)
If banking is your livelyhood (and considering what the public perception of your bank would be if it were ever hacked) I would probably elect to have multiple pen-tests performed by different companies.
And just how many banks actually do that year on year... not more than 10 or 20% I'd say. And how many banks are tested more than once a year... same % is my guess. Deri Jones NTA Monitor
Current thread:
- [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- <Possible follow-ups>
- Re: [PEN-TEST] Cost of Penetration Testing H Carvey (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Naomi Rubin (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Christopher M. Bergeron (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alfred Huger (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Oliver Petruzel (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alexander Sarras (SEA) (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Bennett Todd (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic edison (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Teicher, Mark (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)