Penetration Testing costs



It all depends on the complexity of the apps, your experience and if you're working as a freelancer or as a company.

I've over 20 years of experience as a pentester and have a small company in information security consultancy. I use a rate of 1240,- euro a day (based on 155,- an hour). A starting pentester working as a freelancer will start at about 75,-/80,- an hour, 600-700,- a day. Use that to base your rate on.

If you make one report with findings for all the apps, you can save your client some time and money. If the apps are not too complex and you're offering a 'deep, grey box pentest', you will probably need about 4 days for each app (5 or 6 if they are more complex, a day extra if they all have their own report, only 3,5 days if they are really simple). If you're offering a less deep test on the apps, you can try to do it in 2-3 days each. This also depends on what your client expects and is willing to pay. (Most clients asking for a quote on all their apps and a network scan don't expect a too deep pentest, is my experience.)

If you have a license for a good network vulnerability scanner (like Nessus) and their network is not too huge (less than 200 servers) you can do that on their internal network test in about 2 days (including sorting out findings), and you can scan their external network in 1,5 days. You will need 2,5 days for the report on these scans.

That will sum up to 15-20 days (depending on how deep they want it, your experience in performing the tests and your experience in writing good reports). Multiply that with your daily rate. I would have made them an offer for around 20k-25k.
