$ methodology --read
Every dollar figure on this site is either source-linked to a vendor's public pricing page or labelled illustrative. Here is how we keep that promise.
Vendor figures come from each vendor's public pricing page, captured with a verified-on date. Project bands come from vendor-published cost guides (Astra, Cobalt, Bishop Fox) and labelled as such. We never infer a price for a vendor that does not publish one. We never use a third-party estimate as a source for a vendor's own pricing.
Last verified June 2026
$ rules --hard
- No inferred prices
If a vendor does not publish a price, we tag it quote-only and do not estimate.
- Source per figure
Every published dollar figure links to its source URL. Date-stamped.
- Verified-on dates
Each vendor row carries a verifiedDate. Re-verification cadence is quarterly minimum.
- Worked examples labelled
Every worked example carries an Illustrative example, not a real company stamp.
- No affiliate links
Every vendor link is an unwrapped direct URL.
- Named datasets only for benchmarks
Industry benchmarks only when traceable to a named published dataset (Gartner, Forrester, IDC, Damodaran, BLS, similar).
$ vendor --source-list
- Astra Security: https://www.getastra.com/pricing · verified 2026-06-19
- Detectify: https://detectify.com/pricing · verified 2026-06-19
- Cobalt.io: https://www.cobalt.io/pricing · verified 2026-06-19
- HackerOne: https://www.hackerone.com/product/pentest · verified 2026-06-19
- Bugcrowd: https://www.bugcrowd.com/products/penetration-testing-as-a-service/ · verified 2026-06-19
- Synack: https://www.synack.com/platform/pricing/ · verified 2026-06-19
- NetSPI: https://www.netspi.com/ · verified 2026-06-19
- Rapid7: https://www.rapid7.com/services/security-consulting/penetration-testing-services/ · verified 2026-06-19
- Bishop Fox: https://bishopfox.com/services/penetration-testing · verified 2026-06-19
- Trustwave SpiderLabs: https://www.levelblue.com/services/penetration-testing · verified 2026-06-19
- Coalfire: https://coalfire.com/services/offensive-security · verified 2026-06-19
- Praetorian: https://www.praetorian.com/services/penetration-testing-services/ · verified 2026-06-19
- Mandiant: https://cloud.google.com/security/consulting · verified 2026-06-19
- CrowdStrike: https://www.crowdstrike.com/services/cyber-front-lines/ · verified 2026-06-19
- Secureworks: https://www.sophos.com/en-us/services · verified 2026-06-19
- Pentera: https://pentera.io/ · verified 2026-06-19
- Intruder.io: https://www.intruder.io/pricing · verified 2026-06-19
- BreachLock: https://www.breachlock.com/pricing/penetration-testing-pricing/ · verified 2026-06-19
- DeepSeas Red (ex RedTeam Security): https://www.deepseas.com/deepseas-red-pen-testing-and-cyber-security-validation/ · verified 2026-06-19
- Schellman: https://www.schellman.com/penetration-testing · verified 2026-06-19
$ flag --pricing-change
Vendor pricing changes faster than any single-quarter re-verification can catch. If you see a stale figure, email Oliver at oliver@digitalsignet.com and we will re-verify within five working days.