Penetration Testing mailing list archives
Re: [PEN-TEST] Pen-testing reports
From: Max Vision <vision () WHITEHATS COM>
Date: Mon, 26 Mar 2001 10:53:45 -0800
Since I am hardcore technical and dislike business, pricing has been painful. I tried giving customers an extremely customized and accurate price quote based on an hourly rate multiplied by the actual time it would take to audit their network (I've done enough of this to make safe estimates). However, that approach failed miserably. Out of about 30 proposals I had one actual customer, and the proposals were very detailed - possibly nicer than most final reports (quoted prices ranged from $500 to about $5000). I now use a flat rate instead, or alternately just undercut the other leading bid by 50%. A more detailed explanation is available at http://maxvision.net/price.html Your email makes it hard to tell, but you are offering more than a portscan right? In my opinion, if you aren't offering something better than the ISS crystal reports output, then don't bother. That is the LOW end of the reporting spectrum, and it is substantial. Email me off-list if you want some constructive feedback on your reporting. Max On Mon, 26 Mar 2001, Mehmet Murat Gunsay wrote:
Hello, I'd like to have a general idea about the penetration testing reports that people from this mailing list offer to their customers. I'm not sure if the reports we provide as a company are adequate or even good enough. By finding the listening ports on a given subnet, we try to find what services or programs are running and so forth. However, as this approach sometimes may get too deep, pricing such a test also becomes an issue. Is there a specific measure that some of you use for pricing? I believe replies for these questions will help us greatly in redefining our standards and measures. Thanks in advance for all the replies. Regards, Mehmet Murat Gunsay BTKOM A.S. http://www.btkom.com mgunsay () btkom com
Current thread:
- [PEN-TEST] Pen-testing reports Mehmet Murat Gunsay (Mar 26)
- Re: [PEN-TEST] Pen-testing reports bacano (Mar 26)
- Re: [PEN-TEST] Pen-testing reports Max Vision (Mar 26)
- Re: [PEN-TEST] Pen-testing reports Steve Goldsby (Mar 27)
- Re: [PEN-TEST] Pen-testing reports bacano (Mar 27)
- Re: [PEN-TEST] Pen-testing reports bacano (Mar 27)
- Re: [PEN-TEST] Pen-testing reports Steve Goldsby (Mar 27)
- [PEN-TEST] RES: [PEN-TEST] Pen-testing reports Cristiano Lincoln Mattos (Mar 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Pen-testing reports Peter Herzog (Mar 27)
- Re: [PEN-TEST] Pen-testing reports CyberCop (Mar 28)