Pentest Pricing

Pay every pentester with the same credit system, for flat-rate and predictable cybersecurity budgeting

Empower teams to take charge of application security with a credit system, simplifying budgeting, and enabling teams to choose when and how to schedule pentests.

Level 1 - Awareness

Initial testing to assess basic security. Suitable for any website/application

Small (Basic Website): 2 Credits
Medium (Web application): 3 Credits
Large (Enterprise App): 4 Credits

Manual vs Automation (Pentest Process): 50 % / 50 %
OWASP Standards (Pentest Methodology): Partial
OWASP ASVS Level (Pentest Methodology): Level 1
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration & Reporting): Full access
Duration (Testing Time): 2 days

Level 2 - Security

Extensive manual research with customization per asset for full security

Small (Basic Website): 4 Credits
Medium (Web application): 8 Credits
Large (Enterprise App): 12 Credits

Manual vs Automation (Pentest Process): 70 % / 30 %
OWASP Standards (Pentest Methodology): Full
OWASP ASVS Level (Pentest Methodology): Level 2
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration & Reporting): Full access
Duration (Testing Time): 3-5 days

Level 3 - Advanced

A full pentest suitable for websites/applications with basic security in place

Small (Basic Website): 8 Credits
Medium (Web application): 16 Credits
Large (Enterprise App): 20 Credits

Manual vs Automation (Pentest Process): 80 % / 20 %
OWASP Standards (Pentest Methodology): Full
OWASP ASVS Level (Pentest Methodology): Level 2
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration & Reporting): Full access
Duration (Testing Time): 5+ days

Credits are 329 EUR Each

Our pentest pricing is based on Size + Scan Level. Credits are flat-rate, can be purchased upfront, and we offer volume discounts.

FAQ

Still have questions? Hopefully our FAQ can help. If not, contact us at [email protected] with questions.

What Are Pentest Credits?

PentestHero scraps traditional budget cycles, empowering devs and design teams to conduct their own pentests. Simply budget pentesting for the whole year, buy credits, and deliver them to dev teams. Developers can then plan and launch their own pentest cycles around application changes and updates, without the delays and bottlenecks of finance and budgeting. Best of all, pricing stays the same, even if you switch pentesters or work with more than one cybersecurity team.

What do Credits Cost?

Credits are 329 EUR each. We also offer volume discounts.

How Many Credits Do I Need?

The PentestHero Marketplace uses a simple pricing scheme. We factor in the complexity and size of your website alongside the security level to determine how many credits you need. Simple web application pentests start at 2 credits. If you’re not sure what you’ll need, schedule a call with us and we can help you set a budget. 

Are Credits Refundable?

No. All credits are final sales. You may qualify for a refund if work is undeliverable or otherwise unsatisfactory, in line with our Terms of Service. Otherwise, all credits are seen as a pentest purchase, and are delivered with volume-based discounts based on pre-sales. If you have more questions, contact us.

Can I Upgrade My Pentest?

What if you want to upgrade from a Level 1 to a Level 2 pentest? Contact us to let us know. We’ll prorate the cost of the current pentest with the cost of the new one – so upgrades are as efficient as possible.

Is Retesting Included in the Cost?

All pentesters on the PentestHero Marketplace factor retesting into their initial rates. This means that the upfront budget includes a single round of retesting, within 30 days of the initial pentest. Developers can request retests directly through the platform, for truly collaborative pentesting.

Can I Get a Volume Discount?

Cut costs across large projects with volume credit discounts. Organizations with multiple digital assets or those budgeting for the year can commit to a larger number of pentests at once, allowing us to offer a volume discount, so pentesting fits better into your budget and cybersecurity cycles. 

What Billing Options Do You Accept?

You pay your PentestHero Marketplace bill with Stripe, which offers secure payment processing. We accept most popular payment forms, including credit and debit cards, SEPA debit, iDEAL, bank transfer, and more. We also use IBAN bank transfers in supporting regions. PentestHero will pay your pentesters ourselves, so you always have the same invoice no matter which pentesters you work with.

Do You Do Code Review?

Yes! In most cases, a full code review will cost from 8 credits. This is subject to change based on application size and complexity as well as the cybersecurity team you’re working with.

Do You Offer Pentesting for Compliance?

If you’re looking for compliance, PentestHero can help you choose a pentester from our Marketplace specializing in that specific regulation. Our network includes experts in DigiD, ISO, HIPAA, PCI, and more. Adding a compliance framework to your pentest costs from 2 credits per pentest. 

On-demand pentesting for every scenario

Work with PentestHero and take advantage of having top pentest firms available, on-demand, with results from every test delivered in the same secure cloud platform for easy insights and tracking.