[Owasp-Mumbai] Penetration testing - effort estimation

Sagar Surana sagar.surana at amdocs.com
Tue Apr 29 08:53:51 EDT 2008


  I would like to start a new discussion here to discuss on effort
estimation for penetration testing. ( Keeping aside the business
motivations behind it. )


There is a wide range of different ways that companies estimate... , I
am currently facing a lot of problem is terms of demands of management
is terms of effort reduction for security testing...


Typically I estimate around 30-40 days of effort ( Including retest )
for a system with 40-50 dynamic screens..., lot of data driven, Oracle
as DB... 


The method is follow while testing is 

Do a test Design ( 40% )

Perform Test Execution ( 60% )


Keep Smiling, 
Sagar Subhash Surana 
System Testing

+91.20.4015.3207 (desk)
2091.3207 (Internal) 
+91.20.4015.3910 (fax)



Did you know...?

As the industry's first customer experience system, Amdocs CES 7.5
<http://amdocs.com/Site/Vision/ces75.htm>  helps service providers
differentiate brand, accelerate growth, integrate effectively and assure
success so they can transform with lower risk.


It's not what you are that holds you back, it's what you think you're


This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mumbai/attachments/20080429/f353ad00/attachment.html 

More information about the OWASP-Mumbai mailing list