Penetration Testing mailing list archives

Re: Security Audit


From: "bacano" <bacano () esoterica pt>
Date: Wed, 5 Sep 2001 11:54:27 +0100

hi2all

From: "Simon Wellborne" <simon.wellborne () initiative-technology co nz>

We have a company or two providing quotes on a security audit, including
penetration tests.

Get another two quotes from more companies for a start ...

I am a little concerned about the amount of hours being quoted for some of
these tests.

How many hours do you think an attacker will spend?
At the end this is a matter of how much money you want to spend with this
versus how deep the audit should go ... you must find a balance here.

From people's experience (and I would like to hear from Professionals who
conduct audits) about what timeframes are 'normally' used.

Our network is relatively small (20-40 users + servers).

A professional probably will take 2/3 days plus one to present a report ...
an attacker that has nothing more useful to do can have fun for some weeks
...

At the end it is a matter of how much you can lose versus how much you can
spend.

hint = ask for 30% discount against a new audit 6 months from this one ...
do they want to get an audit or to get a client? =;o)

[  ]'s bacano



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

