Penetration Testing mailing list archives
Re: Pen-test pricing
From: "Nathan Sportsman" <nathan () praetoriansolutions com>
Date: Thu, 3 Feb 2005 11:22:09 -0600 (CST)
The client is interested in the bottom line: how much am I going to pay and what am I getting for my money. Generally, what the client wants is an estimate for the total cost of the project. At my company, the estimation is derived by the number of man hours required to fulfill the project's deliverables. I have seen some companies follow a per server based pricing model; however, it has been my experience that the level of service these companies offer is nothing more than an automated vulnerability scan. Because the quality of work isn't very good, the time spent on each system isnt very long. Subsequently, the consulting company can significantly beef up its margins by charging on a per server rather than a per hour basis. In the end, the client pays for it, figuratively and literally. I do not agree with this. As you know the complexity between servers varies and subsequently the time needed to test varies as well. I believe the an hourly rate is the best way to charge for your services, where the rate you charge depends on your credentials and the quality of service your service. Nathan Sportsman Praetorian Security Solutions
Does anyone have any good figures on pricing for pen-tests? Is charging done per server, location, or hour? Any help would be appreciated. ::andre:: _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Current thread:
- Pen-test pricing Andre Derek Protas (Feb 03)
- Re: Pen-test pricing Faisal Khan (Feb 04)
- Re: Pen-test pricing Nathan Sportsman (Feb 04)
- Re: Pen-test pricing Marc (Feb 04)
- RE: Pen-test pricing Tyler Markowsky (Feb 04)
- Re: Pen-test pricing Adam Chesnutt (Feb 04)
- Re: Pen-test pricing Matthew Caston (Feb 04)
- Re: Pen-test pricing Jason Romo (Feb 04)
- <Possible follow-ups>
- Re: Pen-test pricing Christoph Puppe (Feb 04)
- Re: Pen-test pricing (long) Volker Tanger (Feb 04)