Penetration Testing mailing list archives
RE: Application security penetration testing rate
From: b.hines () comcast net
Date: Thu, 08 Dec 2005 04:03:39 +0000
I charge by the IP address, depending on the complexity of the testing needed, ie SQL, xss, password crack, ASP, CGI, PHP, Server type, OS type, the list goes on. This will give you a good idea of the the time needed to complete each IP, don't forget the paper work. Good place to start to get a cost per hour or cost per test. Make sure their is good clarity in what is to be tested, when and how and by all means get it in writing, to protect your business. Remember all test's have a beginning, a middle , and a end. Proper expectations means happy clients and happy clients means more work for you. The rest is instinct how much do you feel the client can afford, what value do they put on this work, is it for compliance? An ISO or SOX or SAS70? How many times a year, usually every six months is required. Get creative buy 10 IP addresses get one free. The short answer is anywhere from $35 to $120 per hour. Bob -------------- Original message ---------------------- From: "Josh Perrymon" <perrymonj () networkarmor com>
What do you guys think a fair market rate would be in NYC to perform a 3 month application security penetration test ? The rate I'm looking for is the hourly rate for the pen-tester. What if the tester was taking a 3-month contract and lives out of state// What would a fair blended-rate be? Joshua Perrymon Sr. Security Consultant Network Armor A Division of Integrated Computer Solutions perrymonj( at )networkarmor.com Cell. 850.345.9186 Office: 850.205.7501 x1104 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Application security penetration testing rate Josh Perrymon (Dec 07)
- Re: Application security penetration testing rate Steve Friedl (Dec 09)
- <Possible follow-ups>
- RE: Application security penetration testing rate b . hines (Dec 09)
- RE: Application security penetration testing rate mystic33 (Dec 09)
- RE: Application security penetration testing rate Alvin Oga (Dec 10)
- RE: Application security penetration testing rate mystic33 (Dec 09)