Frequently Asked Questions

Penetration Testing FAQs

Quick answers to the questions we’re asked before an assessment is scoped. If you need anything specific, we’re happy to help.

Your questions, answered

Common Questions About Penetration Testing

How much does a penetration test cost?

Our penetration tests start from £1,800 for focused assessments. Final pricing depends on target scope, complexity, and testing approach (black-box, grey-box, or white-box).

We provide fixed-price proposals with clear scope and no hidden costs. You can view our pricing guide or request a quote for a tailored estimate.

How long does a penetration test take?

Typical timelines are:

Web application testing: 3–5 days
External/internal network testing: 3–7 days (depending on size)
API testing: 2–4 days
Red team engagements: 2–6 weeks

We confirm timelines during scoping so you know exactly what to expect before testing starts.

What’s included in your testing and reporting?

Every engagement includes:

Executive summary for non-technical stakeholders
Technical findings with reproduction steps and evidence
Risk ratings (CVSS where appropriate)
Prioritised remediation guidance
Debrief session to walk through the results

Our goal is to give both leadership and technical teams clear next steps.

Is retesting included after fixes are applied?

Yes. We include a complimentary focused re-test for in-scope findings once your team has completed remediation.

This helps confirm fixes are effective and gives you assurance before closing the engagement.

Will testing disrupt our systems or users?

We agree rules of engagement before testing and avoid destructive techniques unless explicitly authorised.

Where needed, we can schedule higher-impact testing windows outside business hours to minimise operational risk.

Do you test cloud environments and modern stacks?

Yes. We test cloud-hosted applications and infrastructure across AWS, Azure, and GCP, and routinely assess modern web/API architectures.

We align testing to provider policies and real-world attack paths relevant to your deployment model.

Do you offer black-box, grey-box, and white-box testing?

Yes. The approach is agreed during scoping based on your objectives, risk profile, and compliance requirements.

If useful, we can combine approaches in a single engagement to provide broader coverage without unnecessary cost.

How quickly can we get started?

Most projects can be scoped quickly, with a fixed quote typically provided within one business day after we understand your requirements.

Start by requesting a quote or contacting us .

I’m new to penetration testing — where should I start?

If you’re evaluating options, these guides are a good starting point:

If you’d rather discuss your environment directly, we can recommend the most suitable assessment during a short scoping call.

Still have questions?

Speak with our team and we’ll help you scope the right assessment with no obligation.