Pricing

Transparent, fixed-scope pricing.

No proprietary risk scoring, no per-asset upsells, no "contact sales" mystery. Every engagement is scoped up front and priced accordingly — these are real starting prices, not a lead-gen teaser.

External Vulnerability Assessment

Starting at $5,000

Single engagement, one perimeter

  • Your full external perimeter, DMZ, and externally-visible systems
  • Offline CVE-database matching plus optional authenticated scanning behind login walls
  • PCI DSS 4.0 / CIS v8 compliance mapping, prioritized findings, PDF + JSON/CSV/SARIF export
  • Delivered and walked through personally, not handed off

Internal Network Assessment

Starting at $5,000

Single engagement, one site/subnet

  • On-site testing from a non-privileged vantage point on your LAN
  • Maps what a normal user (or intruder) can actually see and reach
  • Optional opt-in checks for active ARP spoofing and credentialed share access, gated behind admin authorization
  • Read-only by design — zero risk of service interruption

Both Assessments (Bundled)

Starting at $8,500

The complete picture — external + internal

  • Everything in both assessments above
  • One combined report showing how outside-in and inside-out exposure connect
  • Save vs. booking each assessment separately
Get in touch →

Final pricing depends on scope — number of hosts/subnets, site count, and whether it's a one-time or recurring engagement. The prices above are real starting points for a typical single-office environment, not a floor designed to be quoted up.

Recurring

Quarterly retainer

Most environments change enough over a year that a single point-in-time assessment goes stale. A quarterly retainer — four assessments a year — runs roughly 3× a single engagement's price, not 4×, so staying current costs less than re-booking one-off each time.

  • Same fixed-scope pricing model, just spread across the year
  • Priority scheduling — you're already on the calendar
  • Trend reporting: what's newly exposed, what's fixed, what's still open
Ask about a retainer
External, quarterly
From $15,000/yr
Internal, quarterly
From $15,000/yr
Both, quarterly
From $25,500/yr
Cadence
4×/year
Why fixed, published pricing

No black box, including the price itself.

The same principle that shapes how we test — no proprietary scoring, full attribution for every tool used, nothing hidden from the client — applies to what it costs.

Every engagement, personally delivered

You work directly with the person doing the testing and writing the report — not a rotating pool of contractors, not a junior analyst working off a script while someone senior reviews it after the fact.

Scoped upfront, not quoted per asset

A suspiciously low "per-asset" quote is usually a sign of an automated scan wearing a pentest's clothing. These prices are for real, scoped assessment work — what's included is spelled out before you sign anything.

Open-source tooling, fully attributed

Every finding traces back to a named, credited open-source tool (nmap, Nuclei, testssl.sh, and others) — never an undisclosed proprietary risk algorithm you're asked to just trust.

Zero exploitation risk, by construction

Internal Network Assessments are strictly read-only — no password cracking, no exploitation, no lateral movement. For production-sensitive or healthcare environments, that's not a limitation, it's the point: real exposure visibility with no chance of causing an outage.

Not sure which assessment fits?

Tell us a little about your environment and we'll help you scope the right engagement and give you a firm number — no obligation.