Pricing

Investment Guide

Every engagement is scoped to your product and compliance needs. The examples below illustrate typical costs for common scenarios.

How pricing works: Our assessments are scoped individually based on the number of endpoints, codebase size, compliance requirements, and depth of review. The figures below are representative examples -- your actual cost will reflect the specific scope of your engagement. Contact us for a tailored quote.

Example Scenarios

Three real-world scenarios showing how scope determines cost.

Scenario 1

Endpoint Security Audit

From $4,500

Example

A software vendor with a single HTTPS endpoint (update server, version API, or download site) needs TLS validation and a penetration test report for an enterprise customer's procurement review.

  • TLS/SSL configuration audit
  • Security headers assessment
  • Port scan and service enumeration
  • Certificate chain verification
  • Response content analysis
  • Penetration test report with findings

Cost factors

Number of endpoints, server complexity, whether client-side binary validation is included.

Scenario 3

Comprehensive Assessment

From $18,000

Example

A software vendor providing source code access for static analysis needs a full-depth assessment including SAST review, runtime verification, and ongoing support through their customer's procurement cycle.

  • Everything in Security Assessment
  • Static Application Security Testing (SAST)
  • SQL injection and input validation testing
  • Subdomain enumeration and OSINT reconnaissance
  • Credential and authentication strength testing
  • Client-side testing via mitmproxy
  • Dynamic runtime verification
  • SAST findings triage and remediation guidance
  • Ongoing procurement support
  • Assessment updates as findings are remediated

Cost factors

Codebase size and language, number of platforms (Windows, Linux, macOS), depth of SAST triage, duration of procurement support period.

What Determines Your Cost

The final price reflects the actual scope and effort required for your specific engagement.

Test Spectrum

Which assessment areas apply -- endpoint testing only, or full SDLC + security program + SAST + verification. You choose what you need.

Product Complexity

Number of endpoints, codebase size, supported platforms, third-party dependencies, and build pipeline complexity.

Compliance Needs

Whether you need SOC 2, ISO 27001, or custom questionnaire support, and how many customer questionnaires need responses.

Source Access

SAST requires source code access and adds significant review and triage effort. Assessments without source access are scoped accordingly.

Number of Products

Assessing multiple products or releases in the same engagement may qualify for reduced per-product pricing.

Ongoing Support

One-time assessment vs. ongoing relationship with assessment updates as you remediate findings and release new versions.

Get a Tailored Quote

Tell us about your product, your endpoints, and what your customers are asking for. We will scope an engagement and provide a fixed-price quote.