Rate Card, Standard Pen Tests.
30 minutes for scope collection, free proposal, peace of mind. Fill out the form below.

Your Email or Phone:

Enter code:

Penetration Testing Cost

penetration testing price quote

Home - What - Why Pen Test - Why High Bit - Types - Reports - How Much?

Cost of a Penetration Test from High Bit Security

Here is a current penetration testing price quote for our most commonly encountered types of peneration testing. Some providers are reluctant to publish their fees for penetration testing. With high quality work and penetration testing prices starting at $3700, we do not hesitate to quote our pen test pricing:


TypeDescriptionStarting Price, USD
External NetworkPrice is for an external penetration test addressing security vulnerabilities at the network layer* and also including host configuration** vulnerabilities, up to 32 IP addresses.$3,700
Internal NetworkPrice is for an internal penetration test (on your internal network) addressing security vulnerabilities at the network layer* and also including host configuration** vulnerabilities, up to 32 IP addresses.$4,700
Web ApplicationPrice is for a single web application penetration test, in conjunction with an external or internal network penetration test.$1,200
WirelessPrice is for a wireless penetration test, in conjunction with an internal network penetration test, for one wireless access point and associated client devices.$3,000
Social EngineeringPrice is for a Remote social engineering test, including two separate electronic attack vectors including spear phishing email directed at human targets within your organization, in conjunction with an external network penetration test***.$4,000


*Network Layer testing includes firewall configuration testing, including statefull analysis tests and common firewall bypass testing, IPS evasion, DNS attacks including zone transfer testing, switching and routing issues and other network related testing.

**Host Configuration testing includes a full port scan and subsequent testing of all discovered services on a host EXCEPT custom applications and services. Services like ssh, SQL Server, MySQL and other database services, SMTP, FTP etc. are all included. Standard, well known web applications like Microsoft Outlook logon pages, standard administrative interfaces for firewalls, printers and other standard adiministrative web pages are included and will receive black box testing if discovered. Any applications or services that you have written or customized are not included. Custom web applications require the purchase of a web application test. We are not able to provide pricing for custom non-web applications or services until we have detailed information about them.

***Social Engineering is normally done in conjunction with an external penetration test, with findings included in the external final report. Social Engineering engagements may be conducted as stand alone engagements, but please add $1000 to cover additional reporting and the passive recon activity that is normally part of an external test.

The penetration testing fees above are for basic pen test engagements. There are many other factors that can impact pricing, including testing restrictions, timing restrictions, access requirements such as VPN and custom web applications when important functionality is handled by components like ActiveX, Silverlight or Java Applets. The prices given are intended to be accurate and usually are, but we can't commit to a price without knowing the full scope of the engagement. We can usually determine your scope for pricing considerations in about 30 minutes and give you a solid quote.


More information regarding the types of penetration testing with published prices above can be found on our Penetration Testing Types page.

Detailed information regarding our penetration testing methods, including a detailed treatment of tools, manual methods, automated methods, sequence of events, quality, safety and stability factors can be found on our Penetration Testing Methodology page.

We value transparency and welcome comparison. Please compare our penetration testing pricing and methods with other providers.

We are a reputable firm with a history of high quality penetration testing service for:

  • banks and other financial institutions,
  • large hospitals and other health care providers,
  • defense contractors, public institutions and
  • many, many online service providers and merchants.

In most cases, these prices will cover the penetration testing requirements of the New York State Cyber Security Regulations, see our page on New York State Department of Financial Services Cybersecurity Regulations, 23 NYCRR 500 for details.

Our smallest clients include many start up companies with very few employees and little budget. Our largest are public and privately held companies with billions in annual revenue and over 10,000 employees. How large or small you are doesn't matter. What you need is what matters.

Ask us for a free, quick, no hassle quote using the contact form above.