RE: Application security penetration testing rate

From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: Sat Dec 10 2005 - 03:27:53 EST


On Fri, 9 Dec 2005, mystic33 wrote:

> I agree that you must charge by complexity but I believe that the bottom
> rate would be closer to $120 per hour if you do the work yourself. If you
> are a large or small company that must pay hired individuals then the price
> per hour could be up from $120 to above $200 per hour. A company may pay
> employees $35-$100 per hour to perform the work. Clarity and a disclaimer
> are important as well as an agreed upon test plan signed by a person with
> the power and authority to legally bind the company.

that's what i was thinking .. rates over $200/hr ..

and yes, definitive specs and expectations and goals etc, etc
- bulk purchases or specific task based is even better vs single ip#
  or more precisely "check the webserver" which could be one or hundreds
  of servers

and mostly disclaimers reviewed by lawyers ( not managers that cannot
legally speak/sign on the company's behalf )

c ya
alvin
 




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT