There are several parameters that can impact the overall costs of a penetration test.
If it is a web application, there are some specific things to ask:
For example:
What is the type of target / targets being tested? (e.g. a Windows network, a web application, a server, etc.)
How many targets are there (approximately)?
- Is it a credentialed test?
- Is an API involved?
- How many roles do we need to test?
- How large is the application?
- How old is the application (this can sometimes determine size)?
- Can the testing be done in regular hours or must it be done on evenings and weekends?
Budget
What is your approximate budget? In the end, this is the most important question to answer as we can always test within any budgetary restrictions.
The following will outline typical cost ranges for different types of penetration testing. The variables above may require adjusting the range in either direction:
- Web Application Pen Test: Ranges from $3,500 to $7,500 with an average cost of $5,000.
- External Network Pen Test (Black Box): Range usually starts at $2,500 for up to 5 IP hosts.
- Internal Network (Red Team) Pen Test: Typical cost is $7,500 – $10,000.
- Purple Team Exercise (i.e. Collaborative Red + Blue Team working on a simulated attack of Ransomware / APT): Typical cost is $5,000 to $7,500.
Recent Comments