It’s hard to answer “how much does a pentest cost?” with a single number. Honestly, a quote is mostly decided by how many days of work the engagement is. So instead of figures, this is an honest rundown of what moves those days, hopefully helpful for picturing your scope before you ask for a quote.
## Cost comes down to effort-days
Most pentests are priced by how many days skilled people put in. Roughly, these factors raise or lower that.
| Factor | Effect on cost |
|---|---|
| Scope size | More features/endpoints/accounts → higher |
| Depth | Basic checks vs. deep work incl. vulnerability chaining and component 1-day flaws |
| Approach | Low-info black box spends more time on recon |
| Target type | Web/app/API/cloud/infra each need different expertise |
| Re-test included | Including re-verification adds time but raises quality |
## These push cost up

- “As deep as possible, APT-style, down to component/library flaws”: more depth, more time.
- Several targets (web + app + API) with different auth structures
- Sensitive production constraints on testing windows and controls
## And these keep it sensible

- Prioritize your most important assets and narrow scope
- Go gray box first: spend recon time on actual testing
- Test regularly: change-focused tests are usually lighter
## When the cheapest quote becomes the costliest choice
One careful note: a test chosen on price alone sometimes amounts to “scanner output plus tidy-up,” leaving the truly risky authorization, business-logic, and component flaws intact. When comparing cost, also weigh “what, at what depth, by whom.” (More on depth in our pentest process post.)
Field note: clients who arrive having thought through “what do you most want to protect?” tend to get a far richer scope for the same budget.
## FAQ

**Can we get a rough figure?**

Given the scope, we can estimate quickly in effort-days. A simple single web app versus complex infra differ a lot, so a short call to scope it together is most accurate.

**Must re-test be included?**

Not required, but recommended: confirming the fix “really” landed completes the value of a test.
## Closing
Cost is ultimately the result of “what, at what depth.” To gauge the right scope and schedule together, feel free to ask at penetration testing — we’ll scope it with you, calmly, from the start.