Re: Pen-test pricing

[Jason Romo <jromo () networkguardian net>]

Our tests are based on type of machine (router, switch, server, desktop) and
how long it takes on average to penetrate for.  Different devices have
different times to penetrate.  We don't look at all devices we only try to
penetrate the network with out raising any alarms with the support/security
staff of the systems/network.  Our network assessments provide full reports
of all devices and issues that need mitigation.  During our Pentest we treat
it as if we are not authorized, so quite and leave no fingerprint other then
calling cards as proof. This does many things:

1. Tests the IPS/IDS and or other monitoring systems on the network.
2. Tests the support/security staff of these networks.
3. Provides a real world attack test.
4. Many clients have no ideas have have started or even finished our tests.
5. Only one person in the company knows about the test and has no influence
on the test or the results.

We also offer a non-blind test that is just an assessment with proof that
exploits are valid.  This is just a normal network assessment with a
validation addition.

Jason

On 2/3/05 8:21 AM, "Andre Derek Protas" <randori82 () hotmail com> wrote:

> Does anyone have any good figures on pricing for pen-tests?  Is charging
> done per server, location, or hour?  Any help would be appreciated.
>
> ::andre::
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

-- 
Jason Romo, CEO/CSO
Network Guardian Corporation
1-866-NGC-4SEC Office
972-999-1122 local
214-929-7858 Mobile
jromo () networkguardian net
http://www.networkguardian.net