Pricing

Here you can find our general approach to pricing for Securitum pentesting services.

We offer penetration testing services in two models:

1. Time & materials, based on a pre-agreed schedule (i.e. start/end dates and project duration in man days)

In scenario 1 (T&M), we use a rate that depends on project duration, team size, and mode (remote, on-site, hybrid), in the range of 640 EUR to 890 EUR per man day. If you are interested in discussing an engagement in this model, please contact us!

2. Fixed project time & cost, based on our appraisal

In scenario 2 (fixed cost), a typical pentest engagement takes between 1 and 4 weeks for a single application and/or area. This puts the cost of a complete project between 3500 EUR and 14 000 EUR. Below are the typical questions we ask for a pentest in the most common areas; please contact us using the buttons below.

Web application pentest

  • What functionalities does the application provide?
  • How big is the application (estimated number of unique screens)?
  • How many different user groups must be audited?
  • How many API endpoints / methods does the application use?
  • Will the auditor be able to register accounts for all user groups included in the project scope?

Mobile application pentest

  • What is the size of the application (estimated number of unique screens)?
  • How many API endpoints / methods does the application use?
  • Does the application share the backend (e.g. API) with other applications?
  • How many different user groups does the application have and how many must be tested?
  • What kind and version of the platform is the mobile application available for (iOS, Android)?

Infrastructure pentest

  • LAN: How many active hosts are within the LAN network (servers, routers, firewalls, computers, printers, laptops, etc.)?
  • LAN: How many physical LAN locations exist?
  • LAN: Is it possible to test the entire network from one location?
  • LAN: Is it possible to perform tests of machines in the internal network (LAN) remotely?
  • WAN: How many public IP addresses (or what subnet mask) will be analyzed?

Cloud security & Cloud assessment

  • What cloud environment will be audited (AWS, GCP, Azure)?
  • For the purposes of the tests, access to administration panels/consoles with appropriate permissions will be necessary.
  • What is the size of the cloud environment (estimated number of machines, number of databases used, extensiveness of firewall policies, etc.)?
  • What cloud-specific services are you using (e.g. AWS Elastic Beanstalk, Azure Kubernetes Service, etc.)?

Social engineering

  • How many locations should be covered by the on-site audit?
  • How many test scenarios should be implemented during phishing/vishing campaigns?
  • How many employees are to be tested during phishing/vishing campaigns?
  • What is the main language used in the organization?
  • What software is used in the organization (e.g. O365/M365, Google Workspace, OWA, SharePoint, Teams, Windows, macOS, etc.)?

Source code review

  • How many lines of code does the application consist of?
  • What technologies is the application built with?
  • Are tests possible on Securitum's workstations?
  • Will the Purchaser provide a copy of the code subject to Securitum's analysis?

Any questions?

We are happy to take a call or email and help!

Terms and conditions
© 2023 Securitum. All rights reserved.