Re: VA / PT Pricing??

From: Jason Thompson (securitux@gmail.com)
Date: Mon Jan 28 2008 - 12:36:01 EST


Well personally I do them by time required and cost of materials (cost
of tools, for example). I know that's pretty general :)

Time required is obviously determined by the size of the project, are
there any applications involved in the test, will social engineering
be done, is stealth required (pen test), is it external or internal or
both, etc.

It's really a case-by-case basis a lot of the time. FYI pen test and VA
are different. VAs will include a pen testing component as a proof of
concept exercise but will be much more thorough and often involve
local system access and a more 'open' approach. Pen tests are usually
more blind and used to emulate an attacker. Quite useful for testing
incident response plans and current countermeasures.

-J

On Jan 26, 2008 11:43 AM, John Drakes <tornado579@gmail.com> wrote:
> Hi,
>
> I was curious to know how are Vulnerability Assessment and Penetration
> testing pricing determined? Not much information available in the
> internet about that.
> Is there any pricing model OR any real pricing examples available ??
>
> Please help. Thanks in advance.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:22 EDT