Penetration Testing mailing list archives
RE: Application security penetration testing rate
From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sat, 10 Dec 2005 00:27:53 -0800 (PST)
On Fri, 9 Dec 2005, mystic33 wrote:
I agree that you must charge by complexity but I believe that the bottom rate would be closer to $120 per hour if you do the work yourself. If you are a large or small company that must pay hired individuals then the price per hour could be up from $120 to above $200 per hour. A company may pay employees $35-$100 per hour to perform the work. Clarity and a disclaimer are important as well as an agreed upon test plan signed by a person with the power and authority to legally bind the company.
that's what i was thinking .. rates over $200/hr .. and yes, definitive specs and expectations and goals etc, etc - bulk purchases or specific task based is even better vs single ip# or more precisely "check the webserver" which could be one or hundreds of servers and mostly disclaimers reviewed by lawyers ( not managers that cannot legally speak/sign on the company's behalf ) c ya alvin ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Application security penetration testing rate Josh Perrymon (Dec 07)
- Re: Application security penetration testing rate Steve Friedl (Dec 09)
- <Possible follow-ups>
- RE: Application security penetration testing rate b . hines (Dec 09)
- RE: Application security penetration testing rate mystic33 (Dec 09)
- RE: Application security penetration testing rate Alvin Oga (Dec 10)
- RE: Application security penetration testing rate mystic33 (Dec 09)