From: Christoph Puppe (puppe@hisolutions.com)
Date: Fri Feb 04 2005 - 06:29:41 EST
Salve,
most companies charge per day. Only if it is a emergency-response, then
by the hour. The number of servers, locations, firewalls, DMZs and other
stuff that is to be tested should help you to calculate a number of
days, that you will need to do a good job (hrs /system * systems / 8)
and meet the targets.
PT-Targets the easy way is first to establish what the customer want's
to protect against:
Class 1 Attacker (governmental or organized crime funded, very
knowledgable, cappable of impressive stunts)
Class 2 Attacker (corp. Espionage or knowledgable person with some funds)
Class 3 Attacker (Skript-Kid, Scanner-Swinging, persons who do not
target your customer, but just look for low hanging fruits)
For Class 1, multiply the number of days you would need for a good job
by two. Class 3, divide by 2 ;)
Andre Derek Protas schrieb:
> Does anyone have any good figures on pricing for pen-tests? Is charging
> done per server, location, or hour? Any help would be appreciated.
>
> ::andre::
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's
> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
-- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________ ----------------------------------------------------------------- Besuchen Sie uns vom 10.-16.03. auf der CeBIT in Hannover! In der CEFIS Halle 7 Stand C22/14 informieren Sie unsere Berater zu den Themen Informationssicherheit und IT-Service Management. -----------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT