Attack Surface Mapping Methodology (For Pricing)
The attack surface mapping methodology diagnoses the IP addresses and/or Web Applications (“Targets”) to be tested and provides an exact measurement of the workload. When using this methodology Netragard will use a portscan (not a vulnerability scan) to scan all targets to be tested. The scan will identify which IP addresses are responding, what services are being provided by those IP addresses, what the configurations of those services are, what operating systems are bound to the IP addresses, and much more. The scan will also spider all web pages and web applications that are identified (or provided by the customer to Netragard) and will identify all potential points where data can be provided to the application. When the Attack Surface Mapping (“ASMAP”) is complete it will provide Netragard with an exact representation of workload against which exact pricing can be determined. Netragard requires a $300.00 refundable deposit for ASMAP pricing as it takes roughly 3-6 hours to complete.
Pro’s of ASMAP Pricing
- Reduces the cost of an engagement through target and service consolidation (usually costs far less than other pricing methodologies).
- Cost is exactly accurate and based on a calculation of how much time will be spend testing each parameter (Time Per Parameter or TPP).
- Pricing is 100% transparent to the customer. A higher TPP produces a higher level of threat which also results in a higher cost. A lower TPP produces a lower level of threat which also results in a lower cost.
- Cost can be adjusted to meet any budget by increasing or decreasing the TPP
- No risk of overestimation or underestimation of workload.
- Guarantees that the engagement will be the product of genuine manually driven research rather than the product of automated scanning.
Con’s of ASMAP Pricing
- Requires a $300.00 refundable deposit which is problematic for specific customers
- Takes 3-5 days to produce a proposal