
Generally, to conduct a vulnerability assessment and penetration test (VAPT) for an application, we charge the client some amount. Based on which criteria do companies charge their customers?

Suppose there are 1000 input fields and 20 pages in an application, then how much can we charge for an entire VAPT? Are there any standards followed by penetration testing companies regarding the pricing for VAPT?

S.L. Barth
  • The question how much one can charge for a specific case seems opinion-based to me. The question if there are standards seems on-topic though. (Keeping in mind that the answer might be "no"). – S.L. Barth Feb 12 '16 at 09:40
  • Yes, of course it is opinion-based. But in general, how does a penetration testing company charge for a web application? Any idea? – sairam.nalluri Feb 12 '16 at 09:45
  • Depends on the company, the level of testing, the amount of time allowed, the complexity of the app, and, sometimes, the level of the testing personnel. Large companies will usually charge more than sole traders, but will probably offer more services in that price. Pick an amount you're happy to pay, and see what they can offer - good companies will work with you to find a balance of cost and utility – Matthew Feb 12 '16 at 09:56
  • If I knew the answer, I'd have posted it. Meanwhile, opinion-based questions are off-topic here. But the question if there is a standard is objectively answerable, so that part should be OK here. – S.L. Barth Feb 12 '16 at 09:58

1 Answer

So far, I have not seen a single company following a standard to set their price. Often it is something that is either decided by themselves or depending on the services they provide.

Considering the firm I work for, they provide a portal for the users to take a look into the issues discovered by their 'scanning' service. You can either fix them yourself, or hire professionals from the company to get the issues fixed.

The pricing changes that way as well: if you hire a dedicated person for the issues, you pay per hour or as per the complexity; if you only require a portal, you go per scan.

Fennec