Reasonable price for penetration testing?

Checking some prices and it's crazy expensive.. anyone know any reasonable companies out there that can throw up an official looking "passed" document ;)

Comments

  • hzr Member, Moderator
  • Gotta ask for a quote.. we're not talking like 10k usd are we?

  • ehab Member

    f++k+++ is always expensive.

  • darvil said: Gotta ask for a quote.. we're not talking like 10k usd are we?

    No, normally it would be quite a bit more.

  • drserver Member, Host Rep

    250 usd per hour is what you can expect

  • Security is expensive

    Price will vary on the size of the target and depth you want

    At a certain scale, might be worth it to hire someone, instead of contracting the job

    Really depends on your situation

  • @drserver said:
    250 usd per hour is what you can expect

    Dammit, you stole my line.

  • MicroSerum said: At a certain scale, might be worth it to hire someone, instead of contracting the job

    The idea is to have outside review, with the hope of catching anything your internal team may have missed. If you're a huge organization (e.g. Amazon or Google) with serious internal security engineering, you might not go for outside audits, but even then you can still miss stuff and those companies tend to have bug bounty programs and pay out on them regularly.

  • cpsd Member

    It would be interesting to see some LET prices here for our small projects :)

  • FHR Member, Provider

    If you want dirt cheap penetration testing, I have a feeling most testers will just run Nessus and call it a day.

    What sort of testing did you have in mind? Whitebox, greybox or blackbox? Do you want a "real" pentest or just someone who runs a tool and then writes a flashy looking report?

  • SplitIce Member, Provider

    @FHR the latter I'd say

    darvil said: throw up an official looking "passed" document

  • willie Member
    edited August 2019

    They don't want to do that because if they miss something and you get pwned from it, they look bad. They always want to break your stuff. Among other things that shows you that you did the right thing by hiring them.

  • Change approach to a problem: pay per bug found. Bounties.

  • It helps if the bounties you pay are more than the value of the exploits, and if you are basically big enough to self-insure like Google. Part of the idea of audits is to give you some backup that your code wasn't crap, in the event that something happens. Bounties don't really do that.

  • @willie Bounties don't really do that.

    Bounties imitate real world hack attempts more like code audit. But yea, you are correct, at least first there should be source code evaluation.

  • darvil said: throw up an official looking "passed" document

    I can do that for $7. Payment by Bitcoin. Payment first.

  • I won't let myself get penetrated for less than 7 USD. I am classy.

  • raindog308 Administrator, Moderator

    LTniger said: Change approach to a problem: pay per bug found. Bounties.

    Maybe OP is talking about something different...to me, a pen test is "I have a DC or network, you are outside it, try to get in". The company may do no software development but wants someone to test their network, see if they have vulnerable web apps, see if girl friday will double-click on the invoice.exe attachment, etc.

  • Don't forget the USB stick dropped in the parking lot.

  • jh Member
    edited August 2019

    I only know one company that does it for less than about $10k and they're badly managed and rely somewhat on students. If you don't want to spend that, I would just hire an experienced developer to do a code review.

  • It's okay to charge +-$15k to be done in 2 months' time, at least where I live anyway. Although it will depend heavily on the project's scope and time. Better to ask for a quotation.
