.

PenTesting: Offering Software?

<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Nov 05, 2007 7:26 pm

PenTesting: Offering Software?

Do any of you offer software to your pentest clients?

I thought that I had heard it's standard to charge the client for the licensing to use the tool. For example, if I were going to use Core Impact and I had the consultant edition, I would add in the charge for the 32-IP, 4-week (example) engagement license.

My thinking was that I would purchase, say Retina, use it for the engagement, and then turn it over to the client. Is something like this done often? Does anyone else have suggestions/recommendations or other comments regarding something like this?

Obviously the tool would be some sort of network/vulnerability scanner, whether it's ISS, Canvas, Retina, GFI, etc.

Thanks in advance :)

Bill
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Nov 10, 2007 5:37 pm

Re: PenTesting: Offering Software?

For some clients that might be a good thing to do. If the client really can understand the tool and what to look for. In some cases though, I think it can give a novice admin a false sense of security. I dont know of any pentesters that do that though and I never have. I would think about doing it if a I know a client is on a limited budget and cant afford regular pentesting. If I did something like that I would charge more than a standard mark up on software, because I would include a certain amount of hours of consultation.
<<

LSOChris

Post Sat Nov 10, 2007 6:19 pm

Re: PenTesting: Offering Software?

i guess i would consider it if the customer asked me for help with a VA or Pen Testing solution to use in-between audits but you would have to tread carefully.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sun Nov 11, 2007 9:40 am

Re: PenTesting: Offering Software?

Thanks for the replies guys. I still haven't come to a conclusion with this specific client, but I'm thinking this will probably be the only time I make the offer. Thanks again.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software