$ pricing --vendor=astra
Astra Security pen-test pricing for 2026. Published price floor cited and source-linked.
Astra Security publishes Pentest Basic, annual subscription, 1 target. Source: https://www.getastra.com/pricing. Verified June 2026.
Last verified June 2026
Astra Security sits at $1,999 on the cheapest-published-floor scale ($90 to $1,999) across the two vendors that publish a hard floor. Twenty vendors total, eighteen route to a sales call.
$ list --tiers
Published tier structure. Prices shown only where Astra Security publishes a number. Quote-only tiers are labelled as such; we do not estimate.
| Tier | Price | Notes |
|---|---|---|
| Pentest Basic | $1,999 /year per target | Automated scans plus manual pentest, OWASP Top 10, 1 re-scan |
| Pentest Plus | $5,999 /year per target | Certified experts, 2 re-scans, cloud config review, API testing in scope |
| Enterprise | quote | Multiple targets, dedicated AM, custom SLA |
Source: https://www.getastra.com/pricing · verified 2026-06-19
$ best-for --buyer
SMB and mid-market buyers needing compliance-grade pen test on a single web app or SaaS product without a quote-cycle.
Scope fit
- web-app
- api
- cloud-config
- saas
$ hidden --costs
Line items that often do not appear in the headline Astra Security quote. Confirm each against the SOW before signing.
- Retest fee
Whether retesting fixed findings is included in the headline price or charged as a separate engagement. Ask before signing.
- Out-of-hours testing
If you need testing outside business hours to avoid production impact, that often carries a premium of 25 to 50%.
- Report format and depth
Executive summary, full technical report, attestation letter for auditors. Some vendors bundle all three, some charge for the attestation separately.
- Travel and on-site
Internal-network or physical pen test usually requires on-site days. Travel is normally billed at cost.
- Bug-bounty payouts
Not applicable here. Bug bounty is not part of the standard engagement.
- Re-scope mid-engagement
If discovery uncovers new in-scope assets, expect a change-order conversation. Cap the change-order rate in the master agreement.
$ vendor --notes
- Astra publishes both a subscription price and a separate cost-guide that quotes per-engagement ranges of $5,000 to $50,000 for web-app pentest. The $1,999 figure is the cheapest subscription, not a one-off project price.
$ nearest --alternatives
Closest comparable vendors to Astra Security. We pair on pricing model and product fit.
- DetectifyPlatform
Continuous external attack-surface and application-scanning platform. Not a manual pen-test firm. Published from-prices, scales with subdomain or API count.
open detectify-pricing →