How much does a Pentest cost?

Tibo Claesens, 3 min read
Although I haven't really been asked this question yet, it might be something on your mind.

As you may already know, the core values of ZeroBit are: Accessibility, custom work, quality, and trust.

It is that second value, custom work, that doesn't allow us to put a standard price on a pentest. Do you have 5 computers, or 500? Do you have 1 server, or 20? Is your application purely informational, or are there different roles available, each with their own permissions?

As you can see, we need to get a picture of what exactly you want tested before we can put together a price.

Don't know exactly what you want tested, or is the price still too much? Don't panic! Fortunately, there is also something called the VLAIO Improvement Program, a clear program for every type of business. On top of that, VLAIO covers 50% of the costs, which you don't have to pay up front.

When determining a price, we take into account the factors explained in our previous blog post "How does the sales process work at ZeroBit". Shall we put some numbers on it?

Administration: this is almost always 1 hour. It includes both setting up the internal project structure and all communication and contractual actions.

Pentesting itself: this is the component that varies the most. To take a web application as an example, we would always like to allocate 5-8 days for this.

Reporting: although this seems self-evident, a report must also be prepared. All results from the previous step must be compiled into a clear report. All our notes are converted into a workable document for you as a business. Average turnaround time: 2-3 days.

Quality assurance: every time I have a document ready to send, I assume there is at least 1 error still in the document. That's why we invest extra time to ensure that the report that lands on your desk is as accurate as possible. Average turnaround time: 4-6 hours.

Closing meeting: of course, the project needs to be wrapped up properly. We prefer to do this during a live meeting, where we deliver our final document. Although I say "final" here, there is always room for change. We love hearing your response to our observations. Perhaps there is a good reason for certain observations, and we need to adjust our recommendations!

So if we put all these topics into a table, we get the following:

| Topic | Avg. time in hours |
| --- | --- |
| Administration | 1 |
| Pentesting | 50 |
| Reporting | 20 |
| Quality assurance | 16 |
| Closing meeting | 1 |
| Total | 88 |

To determine the definitive price, we multiply this number of hours by an hourly rate.

NOTE: This is only an indication. The actual duration varies from project to project!

Would you also like to request a quote? Contact us without obligation via the form below.
