HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 19 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow PenTesting: Offering Software?
Ethical Hacker Community Forums
November 23, 2008, 11:07:47 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: PenTesting: Offering Software?  (Read 1846 times)
0 Members and 1 Guest are viewing this topic.
BillV
Hero Member
*****
Offline Offline

Posts: 862


View Profile
« on: November 05, 2007, 06:26:50 PM »
Do any of you offer software to your pentest clients?

I thought that I had heard it's standard to charge the client for the licensing to use the tool. For example, if I were going to use Core Impact and I had the consultant edition, I would add in the charge for the 32-IP, 4-week (example) engagement license.

My thinking was that I would purchase, say Retina, use it for the engagement, and then turn it over to the client. Is something like this done often? Does anyone else have suggestions/recommendations or other comments regarding something like this?

Obviously the tool would be some sort of network/vulnerability scanner, whether it's ISS, Canvas, Retina, GFI, etc.

Thanks in advance Smiley

Bill
Logged
Kev
Sr. Member
****
Offline Offline

Posts: 347


View Profile
« Reply #1 on: November 10, 2007, 04:37:46 PM »
For some clients that might be a good thing to do. If the client really can understand the tool and what to look for. In some cases though, I think it can give a novice admin a false sense of security. I dont know of any pentesters that do that though and I never have. I would think about doing it if a I know a client is on a limited budget and cant afford regular pentesting. If I did something like that I would charge more than a standard mark up on software, because I would include a certain amount of hours of consultation.
Logged
ChrisG
EH-Net Columnist
Hero Member
*****
Offline Offline

Posts: 1039


View Profile WWW
« Reply #2 on: November 10, 2007, 05:19:40 PM »
i guess i would consider it if the customer asked me for help with a VA or Pen Testing solution to use in-between audits but you would have to tread carefully.
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
BillV
Hero Member
*****
Offline Offline

Posts: 862


View Profile
« Reply #3 on: November 11, 2007, 08:40:22 AM »
Thanks for the replies guys. I still haven't come to a conclusion with this specific client, but I'm thinking this will probably be the only time I make the offer. Thanks again.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.033 seconds with 22 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.