Penetration Testing mailing list archives

RE: Application security penetration testing rate


From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sat, 10 Dec 2005 00:27:53 -0800 (PST)



On Fri, 9 Dec 2005, mystic33 wrote:

> I agree that you must charge by complexity but I believe that the bottom
> rate would be closer to $120 per hour if you do the work yourself. If you
> are a large or small company that must pay hired individuals then the price
> per hour could be up from $120 to above $200 per hour. A company may pay
> employees $35-$100 per hour to perform the work. Clarity and a disclaimer
> are important as well as an agreed upon test plan signed by a person with
> the power and authority to legally bind the company.

that's what i was thinking .. rates over $200/hr ..

and yes, definitive specs and expectations and goals etc, etc
- bulk purchases or specific task based is even better vs single ip# 
  or more precisely "check the webserver" which could be one or hundreds
  of servers

and mostly disclaimers reviewed by lawyers ( not managers that cannot
legally speak/sign on the company's behalf )

c ya
alvin
 

