Rate Card, Standard Pen Tests.
Penetration Testing Cost and Price Quotes


Cost of a Penetration Test from High Bit Security

Here is a current penetration testing price quote for our most commonly encountered types of penetration testing. Some providers are reluctant to publish their fees for penetration testing. With 10 years of experience, automated pricing starting at $795 and high quality manual penetration testing prices starting at $2,900, we do not hesitate to quote our pen test pricing.

Type | Description | Price, USD
Automated | External Network Penetration Test, up to 32 IP addresses. | $795
Automated | External Web Application Penetration Test Cost, one web application, black box. | $895
Automated | External Web Application Penetration Test Cost, one web application, credentialed testing. | $1,895
Manual-1 | External Network Penetration Test Cost, up to 32 IP addresses. | $2,900
Manual-1 | External Web Application Penetration Test Cost, black box. | $2,900
Manual-1 | Web Package Deal, black box. Includes one External Web Application Penetration Test, black box, plus Network and Host Configuration testing of the host web server. | $3,400
Manual-1 | Web Package Deal, credentialed. Includes one External Web Application Penetration Test, with credentialed testing including horizontal and vertical access control testing, plus Network and Host Configuration testing of the host web server. | $4,800

Important notes about our manual penetration testing price quotes, and some warnings regarding automated testing and prices.

Pricing Background for Manual Penetration Testing

Everyone involved in a penetration test for High Bit Security meets the following criteria:

  • has passed a civil and criminal background check,
  • is a direct employee of High Bit Security,
  • is trained from the ground up, in house, at our own training facilities,
  • is certified through well recognized outside certification sources such as GIAC, or is in training and on a certification path.

All certified penetration testers are trained inside, certified outside, and have at least one year of employment history with us and at least 1,000 hours of supervised, hands-on experience with live engagements.

What does this have to do with pricing? Our in-house training allows us to provide three distinct manual pricing levels, with full transparency, as always.

So here is what Manual-1, Manual-2 and Manual-3 mean, in terms of service and price:

Manual-1 is the best choice for a budget-conscious, quality manual test. It means that the primary tester may be someone with a year or more of employment history with High Bit Security, with a minimum of 500 hours of hands-on experience with live engagements, who is in their second training phase and needs 500 hours of independent work to complete our pre-certification training. The individual has demonstrated sufficient skill to take on this role, has access to senior staff for guidance and junior staff for assistance if needed, but has sole responsibility for performance and reporting. If you are looking for the lowest cost option for serious manual testing, this is it.

Manual-2 is our standard approach and most popular option. It means that all engagement work is performed by a team, managed by a certified lead tester, who assigns work and closely supervises individuals deemed competent to perform the specific tasks they are given. Some of the work will be done by personnel who are in various training phases. All complex issues, fault chaining work, overall interpretation and final responsibility for context relevant testing and reporting remains with a certified tester.

Manual-3 is our premium option. With this option all work is performed by a certified tester, whether we think it makes sense from a human resource perspective or not. This is not the most cost efficient way to organize a team for a penetration testing engagement, and almost all firms claiming to do it will balk when asked to put it in writing, but there are cases that require it and we do offer it (in writing) for our clients who want it.

Now that we have explained those terms, we can put it in table form, and then you can see how it impacts price and know what it means:

Type | Base Price, USD

If one of the Manual-1 web package deals listed on our rate card at the top of the page looks good to you, but you would rather have Manual-2, just add the difference in base price: $1000.

If a package deal is not what you need, here are more of our common scope items, just total up what you actually need and add your chosen base engagement price:

Type | Description | Item Price, USD
External Network | Network and Host Configuration testing, block of 32 IP addresses. | $1,900
Web Application or Web Service | Price is for a single non-credentialed web application or web service penetration test. | $1,900
Credentialed Testing | Price is the surcharge for adding credentialed testing for a web application or web service. Includes 2 application roles or one web service role, and includes full horizontal and vertical access control boundary testing. | $1,900
Internal Testing | Price is the surcharge for an internal test. | $1,000
Wireless | Wireless penetration test (in conjunction with internal testing only). | $2,900
Social Engineering | Price is for a remote social engineering test, including two separate electronic attack vectors including spear phishing email directed at human targets within your organization, in conjunction with an external network penetration test. | $3,900

We do our best to be transparent about our pricing, but often the package deals and standard scope items aren't quite what you are looking for, or your total is high enough for volume discounts, or you just need more explanation. We can't possibly cover every combination or circumstance; half or more of our engagements have some unique factor that impacts price. We are happy to provide more information. Just contact us using the form at the top of the page.

We'll build the best itemized quote we can for you, with everything explained in detail, and nothing hidden.

You can find more information on our manual testing methods in our methodology section.

Now, about that Automated testing.

We always include automated testing reports, free of charge, with our full manual penetration testing reports. It allows our clients to see how much more they are getting with manual testing. Due to demand, we are now offering automated testing reports as a stand-alone product for those who legitimately have a need for them and understand the limitations. Automated testing cannot be considered thorough, but it may be suitable for you if:

1. You are testing for your own purposes and do not need to satisfy a third party requirement or compliance mandate.

2. You are willing to interpret automated reports yourself.

3. You understand that automation is significantly inferior to, and cannot be considered a replacement for, manual penetration testing.

Full Disclosure: Automated testing will not be thorough, cannot be thorough no matter who provides it, and rarely satisfies third party requirements. The automated report itself, with its automatically generated finding descriptions, is the only report we provide with these automated testing options. We do not provide a separate, manually reviewed, detailed narrative explanation, nor do we provide a public-facing report. Further, automated reports almost always contain false positives and will need to be reviewed in context: we provide the reports, you review for false positives. Finally, there is the issue of coverage and false negatives.

You cannot rely on automated reports for thorough testing. Only some security flaws can be identified through automation. Some of the most dangerous possibilities will not receive testing using any automated method, ours or anyone else's. These possibilities include exploitation of business logic flaws and exploits resulting from complex fault chaining, side channel vectors, passive reconnaissance and plain old human recognition of the complex relationships between various attack vectors and observed faults. These are not occasionally missed by automation, they are routinely missed, and routinely found in manual testing.

Automation is programmed, it cannot imagine and it cannot create. Conversely, human cognition is inventive, dynamic, contextual, and bounded only by human creativity itself. It represents a vast, fuzzy, shifting and dangerous attack surface that is exactly where the best attackers live. The most important attributes of this surface are not even measurable, let alone programmable. It is an attack surface that might be better described as an attack 'miasma', and it is only approachable through competent, creative and enthusiastic manual penetration testing.

To put it another way: The day we can rely on automated security testing is the same day we can replace human coders with their own code. Some may believe that day is just around the corner, but we rather doubt it, and that day certainly isn't today.

Given the limitations, you may wonder why we would offer automated testing at all. Frankly, it's a question we have struggled with. For nearly a decade we have not offered this service because we know how inferior it is when compared with manual testing, but there are cases where it makes sense. Maybe you are building a new system or application and want a quick check for the most easily detectable issues before you continue with your next development phase. Maybe you know you could obtain similar testing software yourself, and are comfortable interpreting results, but don't have the budget to acquire the software. Maybe the budget is not a problem but you lack the time or expertise to properly set everything up.

There could be many scenarios where a quick and cheap automated test from someone who already has the tools and experience may have value. Whatever your reasons, we are happy to provide the reports as a stand-alone product, provided that you understand the limitations.

As always, transparency is first, and we are doing our best to clearly state the limitations of automation. If you want one of our automated tests, just use our contact form above and we'll get it going for you.

We value transparency and welcome comparison. Please compare our penetration testing experience, reputation, pricing and methods with other providers.

Ask us for a free, quick, no hassle quote using the contact form above.