Blog
Pentest scoping insights
Technical writing on penetration test scoping, man-day calculation, vendor pricing and procurement.
- 9 min read · scoping, methodology
Pentest scoping — a technical deep dive into what really drives the number
Why does an API quote 2 MDs and a web app 9? What pushes a number from 3 to 12? A technical walk through every scoping driver.
- 6 min read · procurement, pricing
Why vendors lower their MD rate — and inflate the MD count
If your pentest vendor just dropped their day rate, check the MD count. The total has a way of staying suspiciously similar.
- 7 min read · scoping, estimation
How pentest man-days are actually calculated
Most pentest quotes are a black box. Here is what a defensible MD calculation actually looks like — surface units, role multipliers, gating and overhead.