Security That Fits Where You Are
No hidden fees. No surprise invoices. Every engagement includes free retesting and a dedicated client portal. Pick a bundle or build your own.
Individual Services
Starting at $29.99/mo. Pick exactly the services you need. Every engagement includes free retesting.
| Service | Scope | Price | Timeline |
| --- | --- | --- | --- |
| Vibe Coding Review | AI-generated & vibe-coded app security review | $2,500+ | 2-5 days |
| Code Review | Manual + automated source code analysis, SAST triage | $4,500+ | 3-5 days |
| Web Application Pentest | OWASP Top 10, business logic, auth & session | $7,500+ | 1-2 weeks |
| API Penetration Testing | REST, GraphQL, gRPC — OWASP API Top 10 | $7,500+ | 1-2 weeks |
| Network / Infrastructure | Internal & external, credential & relay attacks, lateral movement | $8,000+ | 1-3 weeks |
| Mobile App Pentest | iOS & Android, OWASP MASVS, runtime manipulation | $9,000+ | 1-2 weeks |
| Cloud Pentesting | AWS, Azure, GCP — IAM, storage, serverless | $9,500+ | 2-3 weeks |
| Active Directory | Domain escalation, Kerberoasting, BloodHound attack paths | $10,000+ | 2-3 weeks |
| Container & Kubernetes | Container escape, RBAC misconfig, image & registry | $10,000+ | 1-2 weeks |
| SOC 2 Pentest | Trust Services Criteria mapping, audit-ready format | $7,599+ | 1-2 weeks |
| GLBA Pentest | Safeguards Rule, customer data protection | $8,000+ | 1-2 weeks |
| GDPR Pentest | EU data protection controls, breach risk assessment | $9,000+ | 1-2 weeks |
| ISO 27001 Pentest | Annex A control effectiveness testing | $10,000+ | 2-3 weeks |
| HIPAA Pentest | ePHI validation, technical safeguard testing | $10,000+ | 2-3 weeks |
| NIST CSF Pentest | Identify, Protect, Detect framework alignment | $10,000+ | 2-3 weeks |
| NIS2 Pentest | EU critical sectors, incident response review | $11,000+ | 2-3 weeks |
| HITRUST Pentest | CSF control testing for healthcare & finance | $11,000+ | 2-3 weeks |
| PCI-DSS Pentest | Req. 11.3 compliant, segmentation testing, QSA-accepted | $11,500+ | 2-3 weeks |
| SOX Pentest | ITGC security testing for public companies | $12,000+ | 2-3 weeks |
| CMMC Pentest | Level 2 & 3 testing, CUI boundary validation | $12,000+ | 2-3 weeks |
| FedRAMP Pentest | NIST 800-53 controls, ATO package support | $15,000+ | 3-4 weeks |
Also available: DORA, CCPA, CASA/MASA, CIS Controls, and more.
| Service | Scope | Price | Timeline |
| --- | --- | --- | --- |
| Social Engineering | Phishing, vishing campaigns, employee analytics | $5,000+ | 2-4 weeks |
| Wireless Pentesting | Evil twin, rogue AP, WPA2-Enterprise, Bluetooth & RF | $6,000+ | 3-5 days |
| Thick Client Testing | Desktop apps — binary, memory, IPC analysis | $8,500+ | 1-2 weeks |
| AI Agent Pentest | LLMs, prompt injection, RAG attacks, OWASP LLM Top 10 | $9,500+ | 1-2 weeks |
| Physical Pentesting | Badge cloning, tailgating, lock bypass, insider simulation | $10,000+ | 1-2 weeks |
| Smart Contract Audit | Web3/DeFi — code review, economic attacks, flash loans | $12,000+ | 1-3 weeks |
| IoT & Hardware | Firmware extraction, UART/JTAG/SPI, wireless protocols | $12,500+ | 2-4 weeks |
| ATM & Banking Terminal | Physical security, firmware audit, PCI PTS, skimming | $15,000+ | 2-3 weeks |
| Red Team Operations | Full adversary simulation, physical + digital, custom TTPs | $25,000+ | 4-8 weeks |
| Attack Surface Management | Continuous asset discovery, vulnerability scanning, alerts | $29.99/mo | Ongoing |
| ASM Professional | Everything in ASM + executive reports, integrations, account manager | $299/mo | Ongoing |
| Access Reviews | User entitlements, least-privilege gaps, stale accounts | $3,000+ | 2-5 days |
| Vulnerability Management | Continuous scanning, prioritized remediation, SLA-backed | $25,000/yr | Ongoing |
| Patch Management | Automated deployment, risk-based prioritization, rollback | $25,000/yr | Ongoing |
Save 40%+ with an Annual Program
Most companies save significantly by bundling. Each includes testing hours, retesting, client portal, and dedicated account management.
Offensive Security
Find and fix vulnerabilities before attackers do
- 2x Web Application Pentests
- 1x Network / Infrastructure Pentest
- 1x API Security Assessment
- 160 testing hours / year
- 24 retesting hours included
- Attack Surface Management
- Quarterly Vulnerability Scanning
- Client Portal & Remediation Tracking
Defensive Security
24/7 monitoring, detection, and incident response
- SOC as a Service (24/7/365)
- SIEM & Log Management
- Endpoint Detection & Response
- Incident Response Retainer
- Attack Surface Management
- Threat Intelligence Feed
- Monthly Security Reports
Compliance Package
Get audit-ready and stay compliant with Anchorpoint
- Compliance Pentest (SOC 2, ISO, or PCI)
- Gap Assessment & Readiness Review
- Policy & Procedure Templates
- 80 testing hours / year
- 16 retesting hours included
- Continuous Compliance Monitoring
- Quarterly Security Reviews
- Add Vanta/Drata (+$5,000/yr)
Need everything? The Full Stack Bundle combines offensive + defensive + compliance starting at $99,000/yr (save 15%+).
What Affects Pricing?
Every engagement is scoped individually based on your environment. Here's what we look at.
Scope & Complexity
Number of endpoints, user roles, integrations, and application size directly affect testing time and cost.
Testing Approach
Black box (no access), gray box (partial), or white box (full source) — each requires different effort.
Compliance Requirements
SOC 2, PCI-DSS, HIPAA, and other frameworks require additional testing controls and specialized reporting.
Pricing FAQ
How much does a penetration test cost?
Is retesting included?
Do you offer startup or bundle pricing?
What's included in the Compliance Package Vanta add-on?
What do I get in the report?
How quickly can you start?
Ready to Get Started?
Build your own custom bundle and checkout in minutes, or book a free scoping call to talk through your needs with a security engineer.