Penetration Testing mailing list archives
Re: VA / PT Pricing??
From: "Jason Thompson" <securitux () gmail com>
Date: Mon, 28 Jan 2008 12:36:01 -0500
Well personally I do them by time required and cost of materials (cost of tools, for example). I know that's pretty general :) Time required is obviously determined by the size of the project, are there any applications involved in the test, will social engineering be done, is stealth required (pen test), is it external or internal or both, etc. Its really a case by case basis a lot of the time. FYI pen test and VA are different. VA's will include a pen testing component as a proof of concept exercise but will be much more thorough and often involve local system access and a more 'open' approach. Pen tests are usually more blind and used to emulate an attacker. Quite useful for testing incident response plans and current countermeasures. -J On Jan 26, 2008 11:43 AM, John Drakes <tornado579 () gmail com> wrote:
Hi, I was curious to know how are Vulnerability Assessment and Penetration testing pricing determined? Not much information available in the internet about that Is there any pricing model OR any real pricing examples available ?? Please help. Thanks in advance. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- VA / PT Pricing?? John Drakes (Jan 28)
- Re: VA / PT Pricing?? Jason Thompson (Jan 28)