Pentest Credits

Empower teams to take charge of application security with a credit system that simplifies budgeting and lets teams choose when and how to schedule pentests.

How it works

Simplifying pentests means simplifying budgets and payments. That’s why we utilize a credit system. Set cybersecurity budgets for the year, purchase credits, and empower teams to plan, schedule, and start pentests in line with development cycles and updates – without delays for finance and budgeting. With finance teams saving time, development teams taking ownership of pentesting and cybersecurity, and pentests integrating more seamlessly into existing Agile cycles, everyone wins.  

How Does Pricing Work?

Our simple pentest pricing is based on Size + Scan Level. We want to help you along your security journey: from Awareness to Secured and Impenetrable.

 

Level 1 - Awareness

Awareness is the first step to online security and forms the basis of all other pentesting. Level 1 includes a basic investigation of your website and host security, validated by expert hackers. All findings and reports are available through our cloud portal.

Small (Basic Website): 2 Credits
Medium (Web Application): 3 Credits
Large (Enterprise App): 4 Credits

Upgrade to Level 2 -1 Credit
Yearly subscription -1 Credit

Level 2 - Secured

Level 2 is the next step in securing your environment. If your basic security is solid, a Level 2 test dives deeper to find and assess issues. We use advanced techniques to find vulnerabilities and deliver the information your team needs to resolve them.

Small (Basic Website): 4 Credits
Medium (Web Application): 8 Credits
Large (Enterprise App): 12 Credits

Upgrade to Level 3 -1 Credit
Yearly subscription -1 Credit

Level 3 - Advanced

A Level 3 Pentest is a complete assessment of your web environment. We take on the role of the malicious hacker, leaving no stone unturned, no vulnerability untested. Our goal is to get in and take control, to test every aspect of your security.

Small (Basic Website): 8 Credits
Medium (Web Application): 16 Credits
Large (Enterprise App): 20 Credits

Yearly subscription -3 Credits

Add-ons

Customize your pentest for compliance or development here. Add "Compliance" to meet the needs of yearly recurring frameworks including DigiD, ISO, HIPAA, PCI, and others. Or, add Code Review to ensure code security during development.

Compliance: +2 Credits
Code Review: +8 Credits

Level 1 - Awareness

Initial testing to assess basic security. Suitable for any website/application.

Manual vs Automation (Pentest Process): 50 % / 50 %. Basic automated testing for common issues like XSS / SQLi
OWASP OTG v4 (Pentest Methodology): Partial
OWASP ASVS Level (Pentest Methodology): Level 1
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration and Reporting): Full access
Duration (Testing time): 2 days

Level 2 - Secured

A full pentest suitable for websites/applications with basic security in place.

Manual vs Automation (Pentest Process): 70 % / 30 %. Extensive manual research customized for the site
OWASP OTG v4 (Pentest Methodology): Full
OWASP ASVS Level (Pentest Methodology): Level 2
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration and Reporting): Full access
Duration (Testing time): 3-5 days

Level 3 - Advanced

A full pentest suitable for websites/applications with basic security in place.

Manual vs Automation (Pentest Process): 80 % / 20 %. Custom scripts and manual research
OWASP OTG v4 (Pentest Methodology): Full
OWASP ASVS Level (Pentest Methodology): Level 2
OWASP TOP 10 (Pentest Report): Yes
Pentest Platform (Collaboration and Reporting): Full access
Duration (Testing time): 5+ days

Retesting

Automatically retest findings following remediation to ensure fixes work. PentestHero delivers complimentary retesting with every pentest package, to ensure your team has everything it needs to fix vulnerabilities and stay secure. Developers can request retests directly through our platform, for truly collaborative pentesting.

How many credits do I need?

All pentests are priced based on two factors: the size and complexity of the website or application, and the depth of testing. This two-factor pricing model is based on time investment and the number of hackers needed to complete a pentest. If you’re unsure after reviewing our credit table, contact us for more information and a custom quote.

Volume credits

Cut costs across large projects with volume credit discounts. Organizations with multiple digital assets, or those budgeting for the year, can commit to a larger number of pentests at once, allowing us to offer a discount based on total volume of work. This allows us to better serve larger organizations, while fitting more neatly into agile cycles for stronger security at a better price.
