Hello guys and gals, I've been thinking about starting a business to generate some additional income. I work as a penetration tester (ethical hacker) for the company I am with now. I am thinking about offering these services to small business owners who would want their business websites tested for the standard vulnerabilities exploited by the hackers. Right now, hackers are making a lot of noise and are all over the media, so I'm guessing now would be a good time to get started with this. I would love to hear your feedback on this area, specifically:
1 - Would you, as a young entrepreneur, be interested in such a service?
2 - What do you think would be a fair price point for something like this? The "pros" are charging up to $250 per hour, but at the same time, they're focusing their business toward the big multi-million dollar companies. I would prefer to focus on smaller businesses on whom I can test at night when not busy with my day job.
3 - I'm struggling with this: should I charge by the hour - which guarantees no results - or do I charge per finding, which can range from 1 finding to like 300 findings?
I'd love to hear your feedback and thoughts on this.
Wearing a hat of white is indeed needed, and if you work on this you can be hired by the government to protect our asses. This is far more reality than fiction, especially in these days of international hacking getting more serious, taking a militant stance.
1. Once my site's developed and I needed to know I was secure, yes, I would totally hire someone to hack it senseless.
2. Do "review" copies first (THAT PEOPLE ASK FOR) and build a resume of sorts on what systems you can bypass. Compare with the services pros charge and price accordingly. At first, train and build up your penetration muscle (oh my god...no pun).
3. Hourly rate (but that isn't your bread and butter, it's what snags them with the deal) / charge on number of bugs/entries found (if you find 300, charge for 100/200/300) / charge a retainer fee on a repeat client that wants you to keep molesting their servers / charge additionally on info on how to fix it and additionally to fix it yourself / if you use any software or have to buy software do not tell them, but pass the cost to your client.
Disclaimer: You need to protect yourself and your client. You need to make it known to them that they can wreck you if you give away/sell their information to other people/competitors, and you need to let them know you will wreck them if they turn on you for any reason and say you were doing this without their permission. Be explicit in your services/coverages.
They already have businesses that do this. It's called pen testing. Either way, if you're good at what you do then I think you'll be successful. Offering your services here may be a great start.