Penetration Testing Pricing

See exactly what makes up the cost of a test.

What is it that we need to know?

Understanding the cost of a professional Web Application Penetration Test should not be a voyage into the unknown. The cost will always be determined by how much needs to be tested and by when. With a scope worked out between us, we will be able to determine the number of security engineers that are required to deliver it within the timeframe you are looking for. Other factors affecting the scope include the number of users you have and the number of dynamic pages that need to be tested. To give you a guide, we have included examples of the types of questions that we will be asking in order to produce the scoping document and from that an accurate quotation. Although there are simple pricing guides as you move down the page, the final cost will be dependent on what is included in the final scoping document agreed with yourself.

Some basic questions

PT Basic questions 2.png

Technical Application Features

Technical Application Features.png

Authentication and Authorisation

Authentication and Authorisation.png

Application Specific Features

Application Specific Features.png

Once the data has been collected, we will use the Service Tiers and the Application Complexity Levels to work out an estimated cost. The estimated cost will be confirmed when all the information is gathered and entered into a Statement of Work for your approval.

Service Tiers

A Service Tier will define the time and type of testing to be performed against a given web application target. This is not to be confused with 'Application Level' which relates to the technical composition and complexity of the application.

The higher the Service Tier, the longer the time it will take to assess the target application. This correlates to the amount of manual penetration testing required to cover those areas that cannot be reached by automated tools.

Application Complexity Levels

Application complexity and the associated levels are determined by the Penetration Testing Technical Engineering Scoping Team.

Application complexity ratings are used to assess the Service Tier requirements. A higher Service Tier will be selected for applications that are more complex.