Independent reference. Not affiliated with any vendor listed.

$ list --topics

Every topic page on pentestcost.com, grouped by scope, compliance trigger, and programme topic. Every page is one click from this index.

$ group --scope

What you are testing drives the bill more than which vendor you pick. Eight scope-focused pages.

  • $ open --route=/web-app-pentest-cost
    Web app pen test cost

    Single-app pricing bands by complexity, plus methodology depth impact.

    open
  • $ open --route=/network-pentest-cost
    Network pen test cost

    Internal and external network test pricing bands.

    open
  • $ open --route=/api-pentest-cost
    API pen test cost

    REST, GraphQL, gRPC scope pricing.

    open
  • $ open --route=/mobile-app-pentest-cost
    Mobile app pen test cost

    iOS and Android, per platform and combined.

    open
  • $ open --route=/cloud-pentest-cost
    Cloud pen test cost

    AWS, Azure, GCP. Shared-responsibility-model scope.

    open
  • $ open --route=/red-team-cost
    Red team cost

    Full-scope adversary emulation budget bands.

    open
  • $ open --route=/social-engineering-cost
    Social engineering cost

    Phishing, vishing, pretexting cost split.

    open
  • $ open --route=/physical-pentest-cost
    Physical pen test cost

    Covert entry and overt assessment, per site.

    open

$ group --compliance

If you are buying a pen test because a framework requires it, the framework dictates scope. Five compliance pages.

  • $ open --route=/pci-pentest-cost
    PCI DSS 11.4 pen test cost

    Annual and after-change pen-test scope.

    open
  • $ open --route=/soc2-pentest-cost
    SOC 2 pen test cost

    Auditor expectation vs strict requirement.

    open
  • $ open --route=/iso27001-pentest-cost
    ISO 27001 pen test cost

    Annex A.8.8 evidence mapping.

    open
  • $ open --route=/hipaa-pentest-cost
    HIPAA pen test cost

    Security Rule risk-analysis context.

    open
  • $ open --route=/fedramp-pentest-cost
    FedRAMP pen test cost

    Annual 3PAO-led pen test, Rev 5 scope.

    open

$ group --programme

Buying-process, RFP, and ROI framing pages.

  • $ open --route=/penetration-testing-cost-2026
    Penetration testing cost 2026: ultimate guide

    End-to-end across vendor, scope, and country.

    open
  • $ open --route=/hidden-pentest-costs
    Hidden pen test costs

    Line items that do not appear in the headline quote.

    open
  • $ open --route=/how-vendors-price-pentests
    How vendors price pen tests

    Subscription, credit, project quote, day-rate.

    open
  • $ open --route=/pentest-vs-alternatives
    Pen test vs alternative categories

    When bug bounty, vuln scan, or BAS substitutes.

    open
  • $ open --route=/pentest-cost-smb
    Pen test cost: SMB

    Under 100 staff, single web app.

    open
  • $ open --route=/pentest-cost-mid-market
    Pen test cost: mid-market

    100 to 1,000 staff, compliance triggers.

    open
  • $ open --route=/pentest-cost-enterprise
    Pen test cost: enterprise

    Programmes not projects.

    open
  • $ open --route=/pentest-buying-guide
    Pen test buying guide

    Stage by stage from scoping to report.

    open
  • $ open --route=/pentest-rfp-template
    Pen test RFP template

    Twelve questions every quote-only vendor should answer.

    open
  • $ open --route=/pentest-implementation-cost
    Pen test implementation cost

    Spend before and after the test itself.

    open
  • $ open --route=/ptaas-vs-project
    PtaaS vs project vs retainer

    Annual cost across three org sizes.

    open
  • $ open --route=/day-rate-index
    Pen-tester day rate index

    Region and speciality bands, sourced.

    open
  • $ open --route=/uk-pricing
    Penetration testing cost UK

    GBP day rates, CREST and CHECK context.

    open