Penetration Testing mailing list archives
Re: Application security penetration testing rate
From: Steve Friedl <steve () unixwiz net>
Date: Wed, 7 Dec 2005 18:56:58 -0800
On Wed, Dec 07, 2005 at 04:48:27PM -0600, Josh Perrymon wrote:
What do you guys think a fair market rate would be in NYC to perform a 3 month application security penetration test ? The rate I'm looking for is the hourly rate for the pen-tester. What if the tester was taking a 3-month contract and lives out of state// What would a fair blended-rate be?
For what it's worth, for this kind of thing a consultant doesn't start with an hourly rate, he starts (internally) with a *monthly* rate: figure out how that much of your time is worth to you - or what the market can bear - and then work backwards from there into an hourly rate. This honors both the bulk value of purchasing time (to the extent that it matters), and makes you consider up front the sticker-shock aspect of the customer engagement. Steve --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Application security penetration testing rate Josh Perrymon (Dec 07)
- Re: Application security penetration testing rate Steve Friedl (Dec 09)
- <Possible follow-ups>
- RE: Application security penetration testing rate b . hines (Dec 09)
- RE: Application security penetration testing rate mystic33 (Dec 09)
- RE: Application security penetration testing rate Alvin Oga (Dec 10)
- RE: Application security penetration testing rate mystic33 (Dec 09)