Penetration Testing mailing list archives
Re: Pen-test pricing
From: Christoph Puppe <puppe () hisolutions com>
Date: Fri, 04 Feb 2005 12:29:41 +0100
Salve, most companies charge per day. Only if it is a emergency-response, then by the hour. The number of servers, locations, firewalls, DMZs and other stuff that is to be tested should help you to calculate a number of days, that you will need to do a good job (hrs /system * systems / 8) and meet the targets. PT-Targets the easy way is first to establish what the customer want's to protect against: Class 1 Attacker (governmental or organized crime funded, very knowledgable, cappable of impressive stunts) Class 2 Attacker (corp. Espionage or knowledgable person with some funds) Class 3 Attacker (Skript-Kid, Scanner-Swinging, persons who do not target your customer, but just look for low hanging fruits) For Class 1, multiply the number of days you would need for a good job by two. Class 3, divide by 2 ;) Andre Derek Protas schrieb:
Does anyone have any good figures on pricing for pen-tests? Is charging done per server, location, or hour? Any help would be appreciated. ::andre:: _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
-- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________ ----------------------------------------------------------------- Besuchen Sie uns vom 10.-16.03. auf der CeBIT in Hannover! In der CEFIS Halle 7 Stand C22/14 informieren Sie unsere Berater zu den Themen Informationssicherheit und IT-Service Management. -----------------------------------------------------------------
Current thread:
- Pen-test pricing Andre Derek Protas (Feb 03)
- Re: Pen-test pricing Faisal Khan (Feb 04)
- Re: Pen-test pricing Nathan Sportsman (Feb 04)
- Re: Pen-test pricing Marc (Feb 04)
- RE: Pen-test pricing Tyler Markowsky (Feb 04)
- Re: Pen-test pricing Adam Chesnutt (Feb 04)
- Re: Pen-test pricing Matthew Caston (Feb 04)
- Re: Pen-test pricing Jason Romo (Feb 04)
- <Possible follow-ups>
- Re: Pen-test pricing Christoph Puppe (Feb 04)
- Re: Pen-test pricing (long) Volker Tanger (Feb 04)