Anyways please mention what kind of prices are you taking about give a range like 0.1 to 3
BTC depending on the website.also if you found any vulnerability in my site would it cost me more to fix it or its been included in the service fees
OK, here are the services I provide in more detail:
1) Automated black box penetration test: 0.5 bitcoin (fixed price)
2) Manual black box penetration test (no source code review): 0.5 bitcoins per day
3) Manual white box penetration test (includes source code review): 1 bitcoin per day
The cost for the automated test is a fixed price. The manual tests will take anywhere from 2 to 15 days depending on the complexity of your website - how many dynamic pages, etc. 1) will give you a reasonable assurance that script kiddies and lame hackers cannot attack you, 2) will give you an assurance your site is protected against skilled hackers, while 3) will give you a very good assurance that you are protected against most attackers.
For all services I will give you a report detailing what's wrong, what is the risk, how I found it and how to fix it.
For services 1) and 2), because I don't have access to the source code the report will contain generic recommendations (filter this input variable, etc).
For service 3), I can pinpoint the line number and tell you how to fix it. You can give this report to a developer and I will answer any questions he/she has. If you would like me to fix the issue, we can agree on a price per issue. If it's something simple like cross site scripting (about 50% of the time) the fix will be free.
As a comparison, prices in the UK for these services range from £1000 to £1500 a day, while in the US from $1200 to $2000 a day.
Firstly why would such huge firms like oil companies, bank etc hire a freelancer
They have a huge hierarchy to cover after all they only go for registered professional companies.
I am the founder and sole owner of a registered professional company - look for Agile Information Security Limited UK in Google and you can find my public records such as registered office, company accounts, etc. I can provide more proof including the certificate of corporation and tax registration letter, etc if you require. Website is coming up soon.
There is a severe shortage of information security specialists in the United Kingdom (and globally), which is driving prices and salaries up. Many people are (like me) going solo as this gives you more flexibility and better pay.
You can find more information on:
http://www.adecco.co.uk/employers/employer-guides/value-of-recruiting-contractors.aspxhttp://www.zdnet.com/uk/skills-shortage-threatening-uk-cybersecurity-could-last-for-20-years-7000011169/http://blogs.cisco.com/security/bridging-the-looming-global-it-security-professional-shortage/http://www.computerweekly.com/news/2240178584/RSA-2013-Cyber-security-skills-shortage-needs-urgent-attention-says-DoHS
