pen-test

Re: Pen-testing - pricing model

To: Davide Carnevali <carnevali@protechta.it>, Chris Stromblad <chris@fragzone.se>
Subject: Re: Pen-testing - pricing model
From: Kish Pent <kish_pent@yahoo.com>
Date: Sat, 9 Dec 2006 00:35:26 -0800 (PST)
Cc: pen-test@securityfocus.com
In-reply-to: <457402F2.4000306@protechta.it>
Hello all, :)
I totally agree with Davide Carnevali; he's absolutely
right, because pen-test pricing is based on the man-hours
put in for the work, not the goals or skills.

In the company I work for, the pricing is usually decided
as follows.

1) Once the scope of the test is determined, the
standard pricing per hour for 8 hours a day is
determined.

2) The report is submitted in hard copy after the test
is over, with an ROI analysis to prove the time-value
trade-off.

Regards



--- Davide Carnevali <carnevali@protechta.it> wrote:

> Generally Pen Test should be a "time based"
> activity.
> 
> You define targets, goals and TIME within which to
> achieve these goals.
> 
> Once TIME is defined, with the client, you get the
> price.
> 
> Skills are not part of the pricing model: skills
> affect TIME and goals.
> 
> My 2 cents
> 
> Chris Stromblad wrote:
> > Hi list,
> >
> > Those of you who work with this professionally, what sort of pricing
> > model do you use? How do you assess what should be charged for the test?
> > Considering the fact that there are many types of pen-tests and all have
> > different scope. I'm having a hard time figuring out if the prices that
> > have been given to me are reasonable.
> >
> > Say I were to give you one of the following scenarios, what would you
> > charge (roughly):
> >
> > 1. "Black box with shades of gray", 2 /24 networks, not all devices are
> > active. External scan.
> >
> > 2. Internal scan, only devices
> >
> > 3. Internal scan, procedures, physical security and devices
> >
> > I know this question is somewhat difficult to answer, because there is
> > no correct answer, but any advice is welcome.
> >
> > Cheers,
> > Chris
> >
> 
> -- 
> 
> Davide Carnevali
> CEO
> Protechta - Information Security
> OPST, CCSP
> Tel. +39 0521 2021
> Fax. +39 0521 207461
> http://www.protechta.it/
> e-mail: davide@protechta.it
> Disclaimer: http://www.protechta.it/disclaimer
> 

Kishore
Penetration Tester
Smart Security
17/1,Upstairs,Sarojini St,
T.Nagar , Chennai - 600 017
Phone: 91 98841 80767

