Penetration Testing mailing list archives
Re: pricing model for Pen-test
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 13 Nov 2003 10:41:50 +0100
On Wed, Nov 12, 2003 at 08:47:53PM -0000, a55mnky () yahoo com wrote:
We are responding to an RFP with very little detail - client has 6 class C networks. We have been given no information on how many hosts are live on each and/or how many services are offered on any hosts. Any suggestions on how to price the engagement
We always ask for permission to do a "sweep" portscan before we make the final offer and the price is based on number of open ports and the type of ports - webserver (ports 80 and 443) usually costs a little more than a router (ports 23, 123) etc. Something like nmap -sS -P0 -vvv --max_rtt_timeout=<XXX> -T2 -p<TOP60> <DEST.RANGE> -- Martin Mačok http://underground.cz/ martin.macok () underground cz http://Xtrmntr.org/ORBman/ --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_pen-test_031023 and use priority code SF4. ----------------------------------------------------------------------------
Current thread:
- pricing model for Pen-test a55mnky (Nov 12)
- RE: pricing model for Pen-test Robert E. Lee (Nov 15)
- RE: pricing model for Pen-test Pete Herzog (Nov 15)
- Re: pricing model for Pen-test Martin Mačok (Nov 15)
- <Possible follow-ups>
- Re: pricing model for Pen-test dave (Nov 15)
- RE: pricing model for Pen-test Bojan Zdrnja (Nov 15)
- Re: pricing model for Pen-test dave (Nov 16)