Penetration testing costs

Penetration testing costs depend less on a vendor name and more on scope, depth, and constraints. Clear definitions lead to offers that are comparable and reliable.

From practice: unclear access, missing test accounts, or undocumented entry points often lead to re-estimation or reduced scope.

Updated: Feb 2026


What really drives cost

Scope & assets

Number of applications, APIs, hosts, cloud accounts, and external entry points.

Depth & method

Manual testing, business-logic checks, auth bypass, and exploit evidence.

Constraints

Prod vs staging, timeboxing, RoE, access to test accounts or logs.

Deliverables

Executive summary, technical report, PoCs, re-test, and fix verification.

Why there is no fixed price

Pentests are tailored to your systems. Small differences in scope, access paths, or test depth can shift effort significantly. That is why scoping clarity matters more than any price list.

How we estimate effort

We use technical and organizational basics: number of assets, auth and role model, data criticality, test windows, environments, re-test needs, and the availability of accounts and logs. Anything missing is captured as an assumption or priced as risk.

Fits if
  • scope is roughly bounded
  • a test window exists
  • accounts and access can be planned
Not a fit if
  • systems are not reachable yet
  • responsibilities are unclear
  • scope is open and unlimited

Typical cost drivers

These factors most often increase effort.

  • many systems or highly connected environments
  • complex authentication and role models
  • production systems with tight test windows
  • multiple test types in parallel (web + network + cloud)
  • additional compliance requirements (e.g., specific report formats)

Depth and assurance (comparison)

Short test                          | Deep test
Standard paths and baseline checks  | Business logic, role changes, misuse cases
Lower coordination overhead         | More analysis, alignment, and re-tests
Shorter duration                    | Higher time demand

Process in 4 steps

  1. Clarify scope: goals, boundaries, assets, test windows.

  2. Prioritize: start with critical systems, cover edges later.

  3. Provide context: architecture, auth, tech stack, known risks.

  4. Set expectations: define risk and impact criteria.

Example for orientation (anonymized)

Two web apps, one API, five roles, and stable test accounts are predictable. The same functional scope with added subdomains, production dependencies, and missing accounts usually means more exploration and alignment effort plus higher re-test needs.


You will get

Deliverables
  • Executive summary and technical report
  • PoCs and impact assessment
  • Re-test and fix verification
Documentation
  • Scope, method, and assumptions
  • Stop criteria and effort estimate
  • Roles and contacts

Provider criteria (2 groups)

Quality signals
  • clear test goals and boundaries
  • method based on OWASP/ASVS or PTES
  • transparent effort estimate
Contract clarity
  • re-test policy and stop criteria
  • deliverables with example structure
  • documented dependencies

Scope note

This page provides orientation for effort estimation. It does not replace a binding offer, legal advice, or a compliance assessment.


FAQ

  • Which factors drive penetration testing costs most?

    Asset scope, auth complexity, test depth, and operating constraints are the biggest drivers. Missing access details or test accounts usually add effort.

  • How does test depth affect effort?

    Deeper tests include more analysis, role changes, and misuse scenarios. That increases alignment time, findings work, and re-tests.

  • What should I provide before a pentest?

    You need a roughly bounded scope, test windows, and contacts. Test accounts, access, and logs help reduce assumptions.

  • What makes an offer reliable?

    It states goals, method, effort estimate, assumptions, and deliverables. A re-test policy and stop criteria should be documented.

  • When is a pentest not a fit?

    If systems are not reachable or scope is open-ended, effort is not estimable. In that case, clarify the framework first.



Next steps (checklist)

You need this for a reliable estimate.

  • Outline scope and list systems
  • Set test windows and contacts
  • Prepare accounts, access, and logs
  • Prioritize expected deliverables
Next step

Briefly describe your need. We help assess scope and effort realistically. Note: we advise on preparation and selection, but do not run tests.
