$ pricing --vendor=detectify
Detectify pen-test pricing for 2026. Published price floor cited and source-linked.
Detectify publishes Application Scanning, 1 domain, from EUR 90/month. Source: https://detectify.com/pricing. Verified June 2026.
Last verified June 2026
Detectify sits at $90 on the cheapest-published-floor scale ($90 to $1,999) across the two vendors that publish a hard floor. Twenty vendors total, eighteen route to a sales call.
$ list --tiers
Published tier structure. Prices shown only where Detectify publishes a number. Quote-only tiers are labelled as such; we do not estimate.
| Tier | Price | Notes |
|---|---|---|
| Application Scanning | $90 EUR/month, 1 domain | Authenticated scanning, advanced fuzzing |
| API Scanning | $90 EUR/month, 1 API | Dynamic API testing, payload randomisation |
| Surface Monitoring | $302 EUR/month, up to 25 subdomains | EASM with vuln testing across domains, IPs, ports, web apps, APIs |
| Enterprise | quote | SSO/SAML, dedicated CSM, custom integrations |
Source: https://detectify.com/pricing · verified 2026-06-19
$ best-for --buyer
Teams wanting continuous EASM and authenticated web-app scanning rather than a point-in-time pen test.
Scope fit
- web-app
- api
- external-network
$ hidden --costs
Line items that often do not appear in the headline Detectify quote. Confirm each against the SOW before signing.
- Retest fee
Whether retesting fixed findings is included in the headline price or charged as a separate engagement. Ask before signing.
- Out-of-hours testing
If you need testing outside business hours to avoid production impact, that often carries a premium of 25 to 50%.
- Report format and depth
Executive summary, full technical report, attestation letter for auditors. Some vendors bundle all three, some charge for the attestation separately.
- Travel and on-site
Internal-network or physical pen test usually requires on-site days. Travel is normally billed at cost.
- Bug-bounty payouts
Not applicable here. Bug bounty is not part of the standard engagement.
- Re-scope mid-engagement
If discovery uncovers new in-scope assets, expect a change-order conversation. Cap the change-order rate in the master agreement.
$ vendor --notes
- Minimum invoice order value is USD 1,650 / EUR 1,500. Annual billing only at enterprise tier.
- Detectify does not deliver manual penetration testing. Compare against project-based vendors with this caveat in mind.
$ nearest --alternatives
Closest comparable vendors to Detectify. We pair on pricing model and product fit.
- Astra SecurityPtaaS
PtaaS vendor with a fully published price card. One of the few firms in this index where the headline number does not depend on a sales call.
open astra-pricing →