Penetration Testing mailing list archives
Re: Security Audit
From: "bacano" <bacano () esoterica pt>
Date: Wed, 5 Sep 2001 11:54:27 +0100
hi2all From: "Simon Wellborne" <simon.wellborne () initiative-technology co nz>
We have a company or two providing quotes on a security audit, including penetration tests.
Get another two quotes from more companies for a start ...
I am a little concerned about the amount of hours being quoted for some of these tests.
How many hours do you think an attacker will spend? At the end this is a matter of how much money you want to spend with this versus how deep the audit should go ... you must find a balance here.
From peoples experience (and I would like to hear from Professionals whocomduct audits) about what timeframes are 'normally' used. Our network is relatively small (20-40 users + servers).
A professional probably will take 2/3 days plus one for present a report ... an attacker that has nothing more usefull to do can have fun for some weeks ... At the end is a matter of how much you can loose versus how much you can spend. hint = ask for 30% discount against a new audit 6 months from this one ... do they want to get an audit or to get a client? =;o) [ ]'s bacano ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Security Audit, (continued)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Bill Pennington (Sep 06)
- Re: Security Audit Todd Ransom (Sep 06)
- RE: Security Audit Dom De Vitto (Sep 06)
- Re: Security Audit Forrest Rae (Sep 06)
- Re: Security Audit R. DuFresne (Sep 06)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Dave Wray (Sep 06)
- Re: Security Audit Jonathan Rickman (Sep 07)
- Re: Security Audit Philipp Buehler (Sep 06)
- Re: Security Audit bacano (Sep 06)
- Re: Security Audit bacano (Sep 05)
- Re: Security Audit JCovington (Sep 05)
- Re: Security Audit bacano (Sep 06)
- RE: Security Audit PM Systems - Rick Woehler (Sep 05)
- Re: Security Audit H Carvey (Sep 06)
- RE: Security Audit Filer, Eddie (ZA - Johannesburg) (Sep 06)
- RE: Security Audit Wertheimer, Ishai (Sep 06)
- Re: Security Audit Erik Tayler (Sep 06)
- Re: Security Audit Renaud Deraison (Sep 07)
- Re: Security Audit Justin Stanford (Sep 07)
- Re: Security Audit bacano (Sep 10)