ZeroBit
We are straightforward people. No unnecessary fuss, please.
Say you want a Pentest. We can do that.
You want a quote. We can do that too.
You want a quote without a meeting. That we can't do.
The initial meeting is very important for us to put together a solid quote. Once we've had a meeting and gotten a picture of what your company does and involves, we can draft a proposal.
But what does it actually include? Every quote will (largely) contain the same components, when it comes to a Pentest of course:
Administration: we do put some work into proper contracts and back-office. It is important that everyone involved has immediate access to the right information.
Pentesting itself. It wouldn't be a Pentest quote without a Pentesting component, right? These are the hours we will spend actually testing your application, infrastructure, setup, etc.
Reporting. A report is the end goal of our engagement. Correction: a clear report. We will spend this time creating a clear report that captures all the information you need.
QA. Also known as "Quality Assurance". As one of our core values states, quality is extremely important to us. That is why we make it a separate component to ensure that all information we share is actually correct.
Closing meeting. Of course, a (live) meeting will be set up to go through this report together. This is the ideal moment to create more depth in the project and to clarify certain matters if needed.
All these components are divided into hours. This allows us to work more flexibly.
But what if we don't use all these hours? THAT CAN HAPPEN. We've had this in the past. Then we simply don't invoice them. We only charge for work that has actually been performed.