Frequently Asked Questions

Penetration Testing FAQs

Quick answers to the questions we're asked before an assessment is scoped. If you need anything specific, we're happy to help.

Your questions, answered

Common Questions About Penetration Testing

Our penetration tests start from £1,800 for focused assessments. Final pricing depends on target scope, complexity, and testing approach (black-box, grey-box, or white-box).

We provide fixed-price proposals with clear scope and no hidden costs. You can view our pricing guide or request a quote for a tailored estimate.

Typical timelines are:

We confirm timelines during scoping so you know exactly what to expect before testing starts.

Every engagement includes penetration testing by a qualified consultant, access to Attack Surface Center to track findings in real time, and a pentest report at the end of testing that includes:

  • Executive summary for non-technical stakeholders
  • Technical findings with reproduction steps and evidence
  • Risk ratings (CVSS where appropriate)
  • Prioritised remediation guidance
  • Debrief session to walk through the results

Our goal is to give both leadership and technical teams the information they need to further secure their environment.

Yes. We include a complimentary focused re-test for remotely delivered engagements to verify that critical vulnerabilities have been effectively remediated.

This helps confirm fixes are effective and gives you assurance before closing the engagement.

Ahead of testing we confirm the rules of engagement and avoid destructive techniques unless explicitly authorised.

Where needed, we can schedule higher-impact testing windows outside business hours to minimise operational risk.

Yes. We test cloud-hosted applications and infrastructure across AWS, Azure, and GCP, and routinely assess modern web/API architectures.

We align testing to provider policies and real-world attack paths relevant to your deployment model.

Yes. The approach is agreed during scoping based on your objectives, risk profile, and compliance requirements.

If useful, we can combine approaches in a single engagement to provide broader coverage without unnecessary cost.

Most projects can be scoped quickly and a fixed quote typically is provided within one business day once we understand your requirements.

Start by requesting a quote or contacting us to arrange a scoping call.

If you're evaluating options, these guides are a good starting point:

If you'd rather discuss your environment directly, we can recommend the most suitable assessment during a short scoping call.

Yes. We can provide a discount for multi-service engagements and repeat, long-term engagements. If you are a charity, start-up, or public services organisation, let us know and we can discuss how we can work together within your budget.

Yes, Exploitr is VAT registered under GB VAT 476701277. Prices displayed or provided within a quote exclude VAT unless otherwise noted.

Yes, Exploitr is fully insured for public and products liability, professional indemnity, cyber, and more.

Still have questions?

Speak with our team and we'll be happy to answer any questions, or help you scope the right assessment.