Penetration Testing mailing list archives
Re: [PEN-TEST] Cost of Penetration Testing
From: "Christopher M. Bergeron" <ChrisB () HGSS COM>
Date: Tue, 12 Sep 2000 12:05:22 -0400
The cost of the test would be dependent on the skills of the tester. In my opinion, the overhead cost for such a test is relatively low (for commercial scanners, free scanners, etc). I also tend to think that you get what you pay for (please don't flame, I know that there are a lot of overcharging, commercial scan only type pen-tester companies out there). The cost the company will charge you will vary depending on many factors: If they have a programming staff to write custom scan-type software; If they have "professional" (aka, not cheap) pen-testers on staff; and if they deal with larger clients or smaller clients, etc... If banking is your livelyhood (and considering what the public perception of your bank would be if it were ever hacked) I would probably elect to have multiple pen-tests performed by different companies. Each company may approach it entirely differently and the more you test the better off you'll be. Of course, you'll have to do the cost/benefit analysis yourself (unless you can easily afford 1000+ pen-tests, har har). Please understand that this is just my opinion on the subject, and I'm relatively certain that you'll receive many other points of view from this list... Viele Glueck, Christopher M. Bergeron
MillerJ () FABSSB COM 09/12/00 09:55AM >>>
Curious what a penetration test would cost. Since the scope can be quite different in each perception, I'll try to define the test: An Internet site with 3 URLs, one of which is secured by password access, to prevent private banking information from becoming public. There are 3 servers, all of which are secured via firewalls. All are running Windows NT ver.5. We need an assurrance that the site is relatively hackerproof; we would prefer to know that it is nearly impossible to hack, but I know that will never be possible. We are interested in protecting a regulated banking environment. Any more info needed, please ask.
Current thread:
- [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- <Possible follow-ups>
- Re: [PEN-TEST] Cost of Penetration Testing H Carvey (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Naomi Rubin (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Christopher M. Bergeron (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alfred Huger (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Oliver Petruzel (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alexander Sarras (SEA) (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Bennett Todd (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic edison (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Teicher, Mark (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)