Penetration Testing Pricing

How much does a penetration test cost?

Whether you’re budgeting for a penetration test for the first time or comparing penetration testing providers, understanding pentest pricing can be difficult. We aim to be transparent.

Explore typical penetration testing pricing across our services, understand what drives cost, and see exactly what’s included before you speak to us.

Accreditations: CREST Pathway; Cyber Essentials certified; UK Cyber Security Council member; OSCE and OSCP certified consultants.
Penetration testing pricing and cost information for UK organisations

Service Pricing

Penetration testing costs by service type

Our pricing is fixed and scoped to the defined assessment rather than time-based billing. This provides upfront cost certainty and removes variability associated with day-rate utilisation or scope expansion.

Engagements are priced on the size and complexity of the environment in scope, including the number of assets, the authentication states to be tested, and the depth of manual testing required across the attack surface. A fixed price is confirmed following an initial scoping call.

Pricing is structured to prioritise manual, consultant-led testing within the agreed scope rather than non-technical delivery overheads.

Service                          Starting Price    Typical Duration
Web Application Testing          From £2,700       3-6 days
Website Testing                  From £1,350       1 day
API Penetration Testing          From £1,800       2-4 days
Mobile Application Testing       From £2,800       3-6 days
Desktop Application Testing      From £2,700       3-5 days
Embedded Device & IoT Testing    From £4,500       5+ days
External Network Testing         From £1,800       2-5 days
Internal Network Testing         From £2,850       3-8 days
Wi-Fi Security Testing           From £1,700       1-2 days
Vulnerability Assessment         From £700         1-3 days
Pentest as a Service (PTaaS)     From £3,200/mo    Ongoing

All prices shown are indicative starting points and exclude VAT. Your fixed-price quote will be confirmed following a scoping call.


Pricing Factors

What affects the cost of a penetration test?

Penetration test pricing varies significantly based on scope and complexity. Understanding these variables helps you get a more accurate quote and ensures your testing budget is spent where it matters most.

1. Scope Size

The number of URLs, IP addresses, API endpoints, or application functions in scope is the primary cost driver. A larger scope requires more testing time, and we price that transparently.

2. Application Complexity

A static brochure site and a multi-role SaaS platform require very different levels of effort. Authenticated testing, multiple user roles, complex workflows, and custom business logic all increase depth and duration.

3. Test Type & Methodology

Web application, external network, internal network, mobile, and API testing each require a different methodology and skill set. Black-box, grey-box, and white-box engagements also differ in setup time and in the depth of coverage they can achieve.

4. Compliance Requirements

Testing scoped for ISO 27001, PCI DSS, or SOC 2 may require a specific methodology, evidence collection, or reporting format beyond a standard engagement. Communicating your compliance context upfront ensures accurate scoping.

5. Number of User Roles

For web and mobile application testing, the number of distinct user roles in scope directly affects testing time. Each role may expose different functionality, access levels, and vulnerabilities that need independent assessment.

6. Timeframe & Scheduling

Standard engagements are scheduled based on consultant availability, typically with a 2-3 week lead time. If you have a specific compliance deadline or preferred testing window, let us know during scoping.

Real scoping examples across common assessment types

What does a typical engagement cost?

The best way to understand penetration testing costs is to see how real engagements are scoped. The examples below are drawn from common scenarios across our client base. Your environment will differ, but these give a realistic starting point before you request a quote.

Marketing Website (WordPress / CMS)

A typical brochureware or company website built on WordPress, Drupal, or a similar CMS. This is usually an unauthenticated assessment covering the public-facing server configuration, exposed admin interfaces, and common web application vulnerabilities.

Where we can, we also attempt to identify insecure plugin versions and misconfigurations that could lead to compromise.

  • Typical price range: £1,350-£1,900

  • Average testing time: 1 day

  • What factors into the cost: number of URLs (pages), presence of custom code or plugins

Multi-tenant SaaS Application or Customer Portal

A custom-built web application with multiple user roles, authentication, and complex business logic. This is a more in-depth assessment that includes authenticated testing, role-based access control testing, and logic flaw analysis across the application.

API testing is often included in this type of engagement, but if you have a separate API that requires testing, that would be scoped as an additional engagement.

  • Typical price range: £3,600-£7,000+

  • Average testing time: 4-7 days

  • What factors into the cost: number of user roles, complexity of workflows, amount of functionality and business logic in scope

External Network

An assessment of externally-facing infrastructure, including firewalls, VPNs, and internet accessible services. This involves port and vulnerability scanning, manual probing and interaction with exposed services, and exploitation attempts to identify vulnerabilities that could lead to an external compromise.

  • Typical price range: £1,800-£3,600+

  • Average testing time: 2-4 days

  • What factors into the cost: scope size (number of IPs), complexity and number of exposed services

Internal Network

An assessment of internal infrastructure, including workstations, servers, and network devices. This is a more complex engagement that involves lateral movement, privilege escalation, and post-exploitation activities to identify vulnerabilities that could lead to a significant internal compromise.

  • Typical price range: £2,700-£8,000+

  • Average testing time: 3-8 days

  • What factors into the cost: scope size (number of IPs), complexity of the environment, presence of Active Directory or other directory services, and the testing approach

Key Deliverables

What's included in the assessment?

Every penetration test includes a defined set of deliverables to support both technical remediation and executive decision-making. Each engagement with Exploitr includes the following as standard:

Executive Report

Our primary deliverable is an executive-focused assessment report providing a non-technical summary of findings, with recommendations suitable for board and senior management stakeholders.

Technical Report

A detailed supplementary report covering each vulnerability discovered, including reproduction steps, CVSS severity scoring, remediation guidance, and references to CVE identifiers and MITRE ATT&CK techniques where applicable.

Debrief Session

Every engagement includes the offer of a debrief session to present findings, discuss remediation strategies and priorities, and run an open Q&A with your team.

Retesting

For web application, API, and external network engagements, our team offers free focused retesting of vulnerabilities remediated post-engagement. This allows us to confirm your fixes are effective and provides supporting evidence for compliance or audit purposes.

Attack Surface Center Access

Complimentary access to Attack Surface Center, our attack surface management (ASM) platform, to review, track, and collaboratively remediate findings in real time throughout and beyond the engagement.

Experienced, Consultant-led Testing

All engagements are delivered by experienced, certified in-house consultants. Your consultant works with you from initial scoping through to the debrief and remediation phase, and nothing is outsourced or subcontracted.

Compliance-Driven Testing

Penetration testing for compliance requirements

Many organisations require penetration testing as part of a compliance framework. We scope and deliver testing that meets the specific requirements of common standards, with reporting that supports your audit process.

ISO

ISO 27001 Penetration Testing

ISO 27001 recommends that organisations regularly test their security controls. Our testing is scoped to satisfy Annex A requirements and produces reporting suitable for your ISMS audit, with clear evidence of methodology and findings.

PCI

PCI DSS Penetration Testing

PCI DSS Requirement 11.4 mandates external and internal penetration testing of the cardholder data environment at least annually and after any significant change to infrastructure or applications. We scope testing to cover your CDE internally and externally, provide methodology documentation, and deliver reports aligned to PCI DSS requirements.

CE+

Cyber Essentials Plus

Cyber Essentials Plus requires independent technical verification of your controls. Many organisations use penetration testing to identify and remediate issues before their CE+ assessment to improve first-time pass rates.

SOC2

SOC 2 Penetration Testing

SOC 2 Type II audits increasingly expect evidence of penetration testing as part of the security, availability, and confidentiality trust service criteria. We provide testing and reporting that satisfies auditor expectations and supports your SOC 2 programme.

Pricing FAQs

Penetration testing pricing - frequently asked questions

Everything you need to know about how penetration testing is priced, scoped, and delivered before you request a quote.

How much does a penetration test cost in the UK?

Penetration test costs in the UK typically range from £1,350 for a smaller website assessment to £12,000+ for internal network or red-team engagements.

Typical price ranges for common assessment types:

  • External network penetration testing: £1,800 - £7,000+
  • Mobile application testing: £2,800 - £8,000+
  • Internal network penetration testing: £2,700 - £12,000+
  • Web application penetration testing: £2,700 - £8,000+
  • API penetration testing: £1,800 - £7,000+

At Exploitr, we provide fixed pricing based on your specific scope. All engagements are delivered by an experienced in-house consultant and nothing is outsourced.

Do you charge by the day?

The typical day rate for accredited penetration testing is between £1,200 and £1,600 per day. With a day-rate engagement, testing stops when the purchased days run out, whether or not the agreed scope has been fully covered.

We work on fixed prices, not day rates. Every engagement is individually scoped, and a written fixed-price proposal is agreed before testing begins.

Our fixed-price engagements are scoped to an outcome, and not a timeframe: testing continues until every agreed area has been assessed. You’re paying for coverage, not a countdown.

If you would prefer a day-rate based quote or are working to a budget, let us know during the scoping call and we’ll do our best to accommodate your requirements.

What is included in a penetration test?

Every penetration test includes:

  • A scoping call to define objectives, scope, and rules of engagement

  • Experienced consultant-led testing

  • A detailed technical report with risk-rated findings, evidence, and reproduction steps

  • An executive report with a summary covering risk, business impact, and remediation priorities

  • A post-engagement debrief call

  • Access to the Attack Surface Center platform for ongoing vulnerability management, remediation tracking, and secure report delivery

  • Free focused retesting of remediated vulnerabilities for web application, API, and external network engagements

We stay connected with you throughout the engagement and beyond, so you can ask questions, get clarification, and ensure you have everything you need to understand and remediate your risks.

How much does a SaaS application penetration test cost?

A mid-sized SaaS application with multiple user roles, authentication, and complex business logic typically costs between £3,600 and £7,000+. The final price depends on the number of user roles, the complexity of workflows, and the amount of functionality in scope. API testing is often included in this type of engagement, but if you have a separate API that requires testing, that would be scoped as an additional engagement.

How long does a penetration test take?

Most engagements run between 3 and 5 days of active testing, depending on scope and complexity. This varies with the type of testing: an internal network pentest may take 4-8 days, whilst a basic company website assessment may take 1-2 days.

When will I receive the report?

With Exploitr, reports are delivered within 2 business days of testing completion. We provide live access to findings throughout testing via Attack Surface Center, so you don't have to wait for the final report to start understanding your risk.

How is the price calculated?

For network penetration testing, we typically price based on the number of IP addresses in scope. For web application and API testing, we price based on the number of URLs or API endpoints in scope. Cost is driven by the testing time required to thoroughly assess each asset, and these metrics provide a basis for that estimate.

For example, a web application with 50 URLs, user management with multiple roles or permission features, and unique business logic functionality will require more testing time than one with 10 URLs.

An external network with 20 IP addresses will require more time than one with 5 IP addresses. During the scoping call, we’ll discuss your environment in detail to determine the most appropriate pricing based on your specific assets and testing requirements.

Can you test for compliance requirements?

Yes. We regularly scope penetration testing engagements for ISO 27001, PCI DSS, and SOC 2. Compliance-driven testing may require a specific methodology, evidence collection, or reporting format. Letting us know your compliance context during scoping ensures we deliver exactly what your auditor or certification body needs.

Is there a discount for combining multiple assessments?

Combined engagements, for example web application testing alongside an external network assessment, are scoped as a single proposal and typically offer better value than booking separately. If you have multiple testing requirements, include them all in your quote request and we'll scope them together.

What if I have a limited budget?

If you have a strict budget, are a start-up, or are concerned about costs, let us know during a scoping call or through the quote request form and we'll help where we can.

Is there any obligation when I request a quote?

None whatsoever. All enquiries are treated as strictly confidential and you are under no obligation to proceed at any stage. We'll provide a quote and you can take as much time as you need. If you have questions before requesting a quote, you're welcome to book an informal scoping call instead; in fact, we'd prefer to speak with you first.

What is the difference between black-box, grey-box, and white-box testing?

These terms describe how much information is shared with the tester before the engagement begins.

  • Black-box testing simulates an external attacker with no prior knowledge of your environment. It’s useful for testing your external perimeter and detection capabilities, but may miss deeper issues due to limited context.

  • Grey-box testing provides the tester with partial information, which is typically credentials, architecture diagrams, or access to the application as an authenticated user. This is the most common approach for web application and API testing as it balances realism with thoroughness and efficiency.

  • White-box testing gives the tester full access to source code, architecture documentation, and credentials. This maximises coverage and is often used for compliance-driven engagements or where a deep audit of application security is required.

We’ll recommend the most appropriate approach during your scoping call based on your objectives.

Do I have to test my whole environment?

We can test any part of your environment that you want. We don't require you to test everything, and we don't believe in a one-size-fits-all approach. We'd recommend including all relevant assets for network testing, and all user roles and critical functionality for application testing, but ultimately it's your choice. During the scoping call, we'll discuss your environment and objectives in detail to help you determine the most effective scope for your engagement.

Can you provide an attestation letter?

Yes. We can provide an attestation letter confirming that the penetration test was conducted according to the agreed scope and methodology. This is useful for compliance purposes or to provide assurance to stakeholders, and is included as standard on all of our engagements.

How quickly can testing start?

Our standard lead time is 2-3 weeks from the point of agreement. If you have a compliance deadline, audit date, or product launch driving your timeline, let us know during scoping and we'll do our best to accommodate it. Urgent engagements may be possible depending on our availability.

Does Cyber Essentials require a penetration test?

Cyber Essentials (CE) does not require a penetration test; it is a self-assessment against a set of technical controls that is reviewed by a CE Assessor. Cyber Essentials Plus, however, requires independent technical verification of those controls by an accredited assessor.

Ready to get a fixed-price quote?

Tell us about your environment and we’ll get back to you with a firm, fixed price within one business day. No obligation, no day-rate surprises.