Pricing
Our current offerings are displayed below. This table gives a rough cost comparison and a non-exhaustive list of the features that the different tests include.
Webapp/Website:
Surface Audit
Typically 1-2 days
- Detailed report
- Credential check
- Scans (auto)
- Cookies check
- Certificates check
- Encryption check
- Out of date library check
- Software version scan (light)
- Web source code anomalies check (light)
- Webmaster login page search (light)
- WordPress plugins check (light)
- Input sanitization checks (e.g. XSS, SQLi)
- Public exploits check
- Password complexity check
- Insecure direct object references check
- Hidden directories search
- Configurations check
- Code review
Light Investigation
Typically 5 days
- Detailed report
- Credential check
- Scans (auto and manual)
- Cookies check
- Certificates check
- Encryption check
- Out of date library check
- Software version scan (light)
- Web source code anomalies check (light)
- Webmaster login page search (light)
- WordPress plugins check (light)
- Input sanitization checks (e.g. XSS, SQLi)
- Public exploits check
- Password complexity check
- Insecure direct object references check
- Hidden directories search
- Configurations check
- Code review
Deep Investigation
Typically 10-15 days
- Detailed report
- Credential check
- Scans (auto and manual)
- Cookies check
- Certificates check
- Encryption check
- Out of date library check
- Software version scan (deep)
- Web source code anomalies check (deep)
- Webmaster login page search (deep)
- WordPress plugins check (deep)
- Input sanitization checks (e.g. XSS, SQLi)
- Public exploits check
- Password complexity check
- Insecure direct object references check
- Hidden directories search
- Configurations check
- Code review
Network/Infrastructure:
Surface Audit
Typically 1-2 days
- Detailed report
- Scans (auto)
- Out of date software check
- Software version scan (light)
- Encryption (traffic) checks
- Encryption (at rest) checks
- Public exploits check
- Password complexity check
- Configurations check
- Firewall checks
- …and more (TBC)
Light Investigation
Typically 5 days
- Detailed report
- Scans (auto)
- Out of date software check
- Software version scan (light)
- Encryption (traffic) checks
- Encryption (at rest) checks
- Public exploits check
- Password complexity check
- Configurations check
- Firewall checks
- …and more (TBC)
Deep Investigation
Typically 10-15 days
- Detailed report
- Scans (auto)
- Out of date software check
- Software version scan (light)
- Encryption (traffic) checks
- Encryption (at rest) checks
- Public exploits check
- Password complexity check
- Configurations check
- Firewall checks
- …and more (TBC)
Hardware/IoT:
All Types
Typically 10-20 days
We can perform:
- Serial port/JTAG searches
- Firmware extraction
- Firmware analysis
- Bootloader analysis
- Software version checks
- Chip removal and replacing
- Chip reading and writing
- …and more (TBC)
The pricing of a security test can differ due to the requirements of the client and the complexity of the required test.
Because of this, firms set a day rate, which can range from £800 to £1,500 per day in the UK.
Why does this day rate differ so much? Well, that depends on the seniority of the tester, how established the pentesting firm is, and its reputation.
So, a junior pentester on a day rate of £800 testing a basic website with five pages over a two-day test would cost a business £1,600.
A senior penetration tester on a day rate of £1,500, on the other hand, testing a network with a complex web app interface and associated Android app over a ten-day test would cost a business £15,000.
This type of information can be daunting to new and small companies; it is expensive, so security, unfortunately, gets ignored.
Fortunately, GB Security have small businesses in mind – we are here to help by offering a solution that is much more affordable to them.
By providing smaller, cheaper tests, catered to the client’s needs, a more focused, client-centric test can be performed at an affordable price. If a pentest is required that is very specific, then give us a call and we will cater for your requirements.
Always keep in mind: the cost of a breach far outweighs the expense of a comprehensive security assessment.