RE: What to spend on a pentest

From: Michael Scheidell (scheidell@secnap.net)
Date: Tue Aug 01 2006 - 22:40:07 EDT

• Next message: Krpata, Tyler: "RE: Let's exploit this"
• Previous message: Frank: "Re: [lists] RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer"
• Maybe in reply to: mttdavis@hotmail.com: "What to spend on a pentest"
• Next in thread: Michael Weber: "Re: What to spend on a pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> -----Original Message-----
> From: mttdavis@hotmail.com [mailto:mttdavis@hotmail.com]
> Sent: Tuesday, August 01, 2006 11:33 AM
> To: pen-test@securityfocus.com
> Subject: What to spend on a pentest
>
>
> Can someone tell me what is a fair amount to spend on a
> decent pen-test with a simple class C network?

Google for "penetration testing" and maybe your state (not that the
internet is bound by states)
Find a few companies that look like they know what they are doing and
ask them for a price and an outline of their methodology.

Also, are you looking for a 'hack the flag' test? Go till someone plants
a file on a protected computer? Or obtains otherwise restricted
information? Or are you looking for a full list of all possible
vulnerabilities?

Are you going to ask for a test of the whole class c? or are you going
to give them a list of ip's you want to test?
(if they have to guess, or have to test all 255 ip's, it could cost
more)

Big players will give you a specific/canned set of tests. Some of the
smaller companies might be able to do something custom.

Get some quotes, throw away the most expensive and the cheapest.
Customer references will be hard (unless you identify yourself other
than from an anonymous 'hotmail' account)

Pick from the rest.

-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Take a vacation from Spam: UP to 25% off of SpammerTrap services
http://www.spammertrap.com/vacation
 
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Krpata, Tyler: "RE: Let's exploit this"
• Previous message: Frank: "Re: [lists] RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer"
• Maybe in reply to: mttdavis@hotmail.com: "What to spend on a pentest"
• Next in thread: Michael Weber: "Re: What to spend on a pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:30 EDT