Penetration Testing mailing list archives

Re: Pen-testing - pricing model


From: <sami.ghourabi () icn com tn>
Date: Fri, 01 Dec 2006 21:56:57 +0100

I would try to evaluate the time necessary to do the job and charge XX dinars (or
dollars) per 8-hour day.

On Thu Nov 30 10:59, Chris Stromblad sent:

Hi list,

Those of you who work with this professionally, what sort of pricing 
model do you use? How do you assess what should be charged for the test? 
Considering the fact that there are many types of pen-tests and all have 
different scope. I'm having a hard time figuring out if the prices that
have been given to me are reasonable.

Say I were to give you one of the following scenarios, what would you 
charge (roughly):

1. "Black box with shades of gray", 2 /24 networks, not all devices are 
active. External scan.

2. Internal scan, only devices

3. Internal scan, procedures, physical security and devices

I know this question is somewhat difficult to answer, because there is 
no correct answer, but any advice is welcome.

Cheers,
Chris


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php\?camp=701600000008bOW
------------------------------------------------------------------------



