Re: VA / PT Pricing??

From: Yousif@vapt-sec.com
Date: Sun Feb 24 2008 - 20:59:58 EST

Next message: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
Previous message: Erin Carroll: "InfoSec World Conference, Orlando"
Maybe in reply to: John Drakes: "VA / PT Pricing??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) I believe you could simply measure it by time; how long it will take you. You could also measure by space, which is typically how large or small an organization or company is in terms of it's web applications. Additionally, you can estimate from what types of testing will be done, such as White Box or Black Box Testing. You can also allow your rates to differ through the means of customization depending on the customers needs. You could surely measure the costs by the generating process or effectiveness of the reports that show of all the events that were applied. Furthermore, you can base the price on training or consulting. This will generally include tips and tricks while the assessment is undergoing testing.

-Yousif Yalda
-Security Consultant
-http://Vapt-Sec.Com
-http://YousifYalda.BlogSpot.Com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Next message: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
Previous message: Erin Carroll: "InfoSec World Conference, Orlando"
Maybe in reply to: John Drakes: "VA / PT Pricing??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:25 EDT