Penetration Testing mailing list archives

Pen-testing - pricing model

From: Chris Stromblad <chris () fragzone se>
Date: Thu, 30 Nov 2006 09:59:58 +0000

Hi list,

Those of you who work with this professionally, what sort of pricingmodel do you use? How do you assess what should be charged for the test?Considering the fact that there are many types of pen-tests and all havedifferent scope. I'm having a hard time figuring out if the prices thathas been given to me are reasonable.

Say I were to give you one of the following scenarios, what would youcharge (roughly):

1. "Black box with shades of gray", 2 /24 networks, not all devices areactive. External scan.


2. Internal scan, only devices

3. Internal scan, procedures, physical security and devices

I know this question is somewhat difficult to answer, because there isno correct answer, but any advice is welcome.


Cheers,
Chris


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Pen-testing - pricing model Chris Stromblad (Dec 01)
- RE: Pen-testing - pricing model Omar Herrera (Dec 03)
- Re: Pen-testing - pricing model Michael Weber (Dec 03)
- Re: Pen-testing - pricing model Christine Kronberg (Dec 03)
- Re: Pen-testing - pricing model Davide Carnevali (Dec 04)
  - Re: Pen-testing - pricing model Kish Pent (Dec 10)
    - Re: Pen-testing - pricing model Christine Kronberg (Dec 11)
    - Re: Pen-testing - pricing model Davide Carnevali (Dec 13)
    - Re: Pen-testing - pricing model Clint Laskowski (Dec 16)
    - Re: Pen-testing - pricing model Christine Kronberg (Dec 16)
    - Re: Pen-testing - pricing model Davide Carnevali (Dec 16)

(Thread continues...)