Pen-testing - pricing model

From: Chris Stromblad (chris@fragzone.se)
Date: Thu Nov 30 2006 - 04:59:58 EST


Hi list,

Those of you who work with this professionally, what sort of pricing
model do you use? How do you assess what should be charged for the test?
Considering the fact that there are many types of pen-tests and all have
different scope. I'm having a hard time figuring out if the prices that
have been given to me are reasonable.

Say I were to give you one of the following scenarios, what would you
charge (roughly):

1. "Black box with shades of gray", 2 /24 networks, not all devices are
active. External scan.

2. Internal scan, only devices

3. Internal scan, procedures, physical security and devices

I know this question is somewhat difficult to answer, because there is
no correct answer, but any advice is welcome.

Cheers,
Chris




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:23 EDT