Rate Card, Standard Pen Tests.
30 minutes for scope collection, free proposal, peace of mind. Fill out the form below.

Penetration Testing Cost

Cost of a Penetration Test from High Bit Security

Here is a current penetration testing price quote for our most commonly encountered types of penetration testing. Some providers are reluctant to publish their fees for penetration testing. With high quality work and penetration testing prices starting at $3,900, we do not hesitate to quote our pen test pricing.

| Type | Description | Starting Price, USD |
| --- | --- | --- |
| External Network | Base price is for an external penetration test addressing security vulnerabilities at the network layer* and also including host configuration* vulnerabilities, up to 32 IP addresses. A non-credentialed Web Application Test may be substituted if you do not need network testing. | $3,900 |
| Web Application | Price is for a single non-credentialed* web application penetration test, in conjunction with an external or internal network penetration test. | $1,900 |
| Wireless | Price is for a wireless penetration test, in conjunction with an internal network penetration test, for one wireless access point and associated client devices. | $3,000 |
| Social Engineering | Price is for a Remote social engineering test, including two separate electronic attack vectors including spear phishing email directed at human targets within your organization, in conjunction with an external network penetration test*. | $3,900 |

*Network Layer testing includes firewall configuration testing, including stateful analysis tests and common firewall bypass testing, IPS evasion, DNS attacks including zone transfer testing, switching and routing issues and other network related testing.

*Host Configuration testing includes a full port scan and subsequent testing of all discovered services on a host EXCEPT custom applications and services. Services like ssh, SQL Server, MySQL and other database services, SMTP, FTP etc. are all included. Standard, well known web applications like Microsoft Outlook logon pages, standard administrative interfaces for firewalls, printers and other standard administrative web pages are included and will receive black box testing if discovered. Any applications or services that you have written or customized are not included. Custom web applications require the purchase of a web application test. We are not able to provide pricing for custom non-web applications or services until we have detailed information about them.

*Social Engineering is normally done in conjunction with an external penetration test, with findings included in the external final report. Social Engineering engagements may be conducted as standalone engagements, but please add $1000 to cover additional reporting and the passive recon activity that is normally part of an external test.

*Web application testing price is for non-credentialed testing. If you need testing performed with credentialed access to your web application, there is an additional charge of $1900, which includes 2 application roles. Testing includes full access control boundary testing between roles.

The penetration testing fees above are for basic pen test engagements with optimal 12-week engagement windows. Please contact us for pricing on shorter-term, larger or more complex penetration testing engagements. Volume discounts are available. There are also many other factors that can impact pricing on more complex engagements, including testing restrictions, timing restrictions, access requirements such as VPN and the presence of components like ActiveX, Silverlight or Java Applets in web applications. The prices given are intended to be accurate and usually are, but we can't commit to a price without knowing the full scope of the engagement. We can usually determine your scope for pricing considerations in about 30 minutes and give you a solid quote.

More information regarding the types of penetration testing with published prices above can be found on our Penetration Testing Types page.

Detailed information regarding our penetration testing methods, including a detailed treatment of tools, manual methods, automated methods, sequence of events, quality, safety and stability factors can be found on our Penetration Testing Methodology page.

We also offer Pen Testing as a Service (PTaaS). This is an approach intended for rapid deployment environments where traditional penetration testing cycles may be too long, or full reporting too cumbersome for your needs. This approach forgoes the full reporting of traditional penetration testing and instead places the focus on rapid turnaround of individual finding reports, collaboration and remediation testing in near real time. If you are interested in this approach, you can find more information on our PTaaS page.

We value transparency and welcome comparison. Please compare our penetration testing pricing and methods with other providers.

We are a reputable firm with a history of high quality penetration testing service for:

  • banks and other financial institutions,
  • large hospitals and other health care providers,
  • defense contractors, public institutions and
  • many, many online service providers and merchants.

In most cases, these prices will cover the penetration testing requirements of the New York State Cyber Security Regulations, see our page on New York State Department of Financial Services Cybersecurity Regulations, 23 NYCRR 500 for details.

Our smallest clients include many startup companies with very few employees and little budget. Our largest are public and privately held companies with billions in annual revenue and over 10,000 employees. How large or small you are doesn't matter. What you need is what matters.

Ask us for a free, quick, no hassle quote using the contact form above.