Hello guys,
I have been trying for some time to figure out what is a good way to estimate a “fair” price for a penetration testing activity. I’ve searched online quite a bit, and everyone always says the same thing: consider timing, number of dynamic pages/endpoints/api, etc.
However, I haven’t found “standard” numerics or practical examples to take inspiration from.
So in case you are also involved (or have been involved in the past) in determining prices for your pentest/appsec activities, how did you estimate it?
Thanks 