If a real attacker spends more time than a pentester, he might find vulnerabilities that the tester did not find before. This is the timebox principle.
That's why (serious) pentests are always charged according to time spent (usually in person-days). One person-day costs € 1.400,-. From 20 person-days we give a 15% discount (€ 1.190,-).
And what does a Pentest really cost now?
We estimate the effort for a pentest in advance in a scoping meeting (for more information, see Before the pentest). Here are a few guidelines on what you can usually expect.
- Web Applications: € 4.000-14.000
- Microsoft Active Directory: € 11.000-17.000
- External Infrastructure: € 7.000-10.000
- From 20 person days we give a 15% discount.
- In the Academia area we offer a very attractive daily rate of € 1.000,-.
- We are currently launching a pro bono programme.
Otherwise, we ask for your understanding that we do not grant discounts. Negotiating talent should not be a price-determining factor. In return, you can expect full fairness and transparency from us.
Okay, and what about Phishing?
The time-box principle is not applicable for phishing simulations. We therefore cover the expenses with a flat rate. Here are a few insights into what expenses are involved:
- the time for designing a customised scenario,
- the provision of the campaign (e.g. acquisition of a domain, setting up the infrastructure, etc),
- if necessary, troubleshooting, delivery attempts, etc.
- the evaluation of the collected data after the simulation has been carried out,
- and the final report preparation.
The costs are usually around € 4.900,-.
In the case of a particularly large number of recipients or more complex scenarios, they may be higher.
If we are unable to offer a service, we are happy to recommend competent companies. We are also pleased when we are recommended by others.
We never charge a recommendation fee or any other fee for recommendations. Likewise, we do not pay any fees for referrals. This means that our recommendations are always based on the quality of the recommended company and not on the fee.
If a security company concludes a contract directly with the end customer and engages us as a subcontractor, we charge 85% of the end customer's price, but at least a daily rate of € 900. Our partner is then responsible for passing on the provisions from our TOS to the end customer.