I was curious to know how are Vulnerability Assessment and Penetration testing pricing determined? Not much information available in the internet about that :(
Is there any pricing model OR any real pricing examples available ??
Please help. Thanks in advance.
January 26th, 2008, 08:14 PM
There's no standard as far as base rates go, each company is going to charge you whatever they think they're worth (ie, how much better they think they are than the competition). Startups will tend to be cheaper because they have no solid client list and they want to attract, but you'll get startup quality which isn't a standard either. You may find one better than the current competition, but usually you'll find someone who comes in for a day and ends up just dumping a 300-page retina scan generated report on your desk. Companies who have been doing it for a while will also take big names on their client list into consideration to establish their worth. Then of course the price is going to jump depending on how much you want assessed. To give you an idea, my current company is so huge and does so much that they're not completely concerned with price. They put everything through a simple process: will it hurt our image (such as doing assessments for Julio's Discount Hard Core Porn Emporium) and will we profit reasonably for our amount of work, so they don't have standard rates set in stone.