I am still quite new to the security field and someone asked me yesterday the question: "How much does a pentest cost?". Although the answer to this question is obviously "it depends", I realized I couldn't even answer with a price range.
In addition, I was recently listening to a pentest security course and the teacher frequently mentioned that there are 2 kinds of pentesters: those who run Nessus and give the report they got and those who do it properly. So the following questions relate to a quality pentest, not just running a tool and printing the report.
For these 3 scenarios, what would be the effort (number of people, time) and the cost for a good test? I didn't give more details about these companies because we always have to give a price range without knowing much...
1) Small company of 10 employees.
2) A mid-size company of 100 employees.
3) A large company of 2000 employees.
My very humble rookie guess would be:
1) 1 person, 5 days, $2500
2) 2 people, 7 days, $7000
3) 4 people, 20 days, $40000
How far off am I?