The right way versus the wrong way to price a penetration test
The most common question asked is “how much will it cost for you to deliver a penetration test to us?”. Rather than responding to those questions each time with the same exact answer, we thought it might be best to write a detailed yet simple blog entry on the subject. We suspect that you’ll have no trouble understanding the pricing methods described herein because they’re common sense. The price for a genuine penetration test is based on the amount of human work required to successfully deliver the test.
The amount of human work depends on the complexity of the infrastructure to be tested. The infrastructure’s complexity depends on the configuration of each individual network connected device. A network connected device is anything including but not limited to servers, switches, firewalls, telephones, etc. Each unique network connected device provides different services that serve different purposes. Because each service is different each service requires different amounts of time to test correctly. It is for this exact reason that a genuine penetration test cannot be priced based on the number of IP addresses […]