I would try to evaluate necessary time to do the job and charge XX dinars (or
dollars) per 8 hours day
On Thu Nov 30 10:59 , Chris Stromblad sent:
>Hi list,
>
>Those of you who work with this professionally, what sort of pricing
>model do you use? How do you assess what should be charged for the test?
>Considering the fact that there are many types of pen-tests and all have
>different scope. I'm having a hard time figuring out if the prices that
>has been given to me are reasonable.
>
>Say I were to give you one of the following scenarios, what would you
>charge (roughly):
>
>1. "Black box with shades of gray", 2 /24 networks, not all devices are
>active. External scan.
>
>2. Internal scan, only devices
>
>3. Internal scan, procedures, physical security and devices
>
>I know this question is somewhat difficult to answer, because there is
>no correct answer, but any advice is welcome.
>
>Cheers,
>Chris
>
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>http://www.cenzic.com/products_services/download_hailstorm.php\?camp=701600000008bOW
>------------------------------------------------------------------------
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|