Penetration testing pricing with no hidden variables
Three engagement types for different stages and goals. All include a working proof of concept for every finding, professional reports, and a retest. Quotes within 48 hours of a scoping call.
Free trial: 1 week · 4–6 slots/month · zero cost · no commitment
Launch Secure
Project-based or first engagement
A focused, scoped penetration test for teams that need a credible assessment before a deal, audit, or product launch. Fixed scope, fixed timeline, full report.
- Black-box or grey-box web and API testing
- Exploitation-led methodology — no scanner noise
- Working PoC for every finding
- Executive + technical report
- CVSS scoring and CWE mapping
- Remediation guidance per finding
- One included retest round
- Findings walkthrough call
Release Guard
Continuous coverage matched to your release cadence
Ongoing monthly or quarterly pentest sprints that follow your actual release surface — new endpoints, changed auth flows, recently shipped features. Not a static annual checkbox.
- Monthly or quarterly sprint cadence
- Scope adjusts each cycle to new and changed surfaces
- Live findings register updated throughout the sprint
- Critical findings surfaced same day, verbally
- Retest included each cycle
- Cumulative coverage history across all sprints
- Quarterly security posture summary
- Priority response time for scoping calls
Audit & Procurement Pack
Built for SOC 2, enterprise deals, and vendor reviews
A comprehensive pentest packaged specifically for enterprise procurement reviewers and SOC 2 auditors. Every artifact a security questionnaire asks for, in the format they expect.
- Full web and API penetration test
- Procurement-formatted report package
- Remediation evidence and confirmation letter
- Retest with written remediation sign-off
- Optional one-page security summary for prospects
- SOC 2 / vendor questionnaire alignment
- CVSS, CWE, and risk register artifacts
- Executive briefing call for stakeholders
All prices are starting points for the minimum qualifying scope. Fixed quotes issued after a 30-minute scoping call — typically within 48 hours.
What every engagement includes
Regardless of plan, every Provecore engagement delivers these by default.
Proven findings only
No scanner noise. No theoretical issues. Every finding in the report has been manually validated and exploited.
Working proof of concept
Each finding includes a working HTTP request or exploit chain demonstrating the vulnerability — not a description of a class of bugs.
Retest confirmation
After remediation, we verify each fix and issue written confirmation. Suitable for audit and procurement responses.
Two-audience report
Executive summary for procurement and leadership. Technical findings with root cause and code-level detail for your engineers.
Critical findings, same day
If we find a critical issue during the engagement, you hear about it verbally the same day — not at report delivery.
Findings walkthrough call
We walk through every finding with your technical team so context is clear and remediation questions get answered immediately.
Try us before you commit to anything
We test one scoped surface of your application for seven days and deliver the same professional report our paid clients receive. Working PoC for every finding. Zero cost. Zero obligation.
4–6 slots available per month · Reviewed within 24 hours
Pricing FAQ
Common questions about cost
Why is there no fixed price?
Penetration testing cost scales with scope — the number of endpoints, authentication roles, API surfaces, and business logic flows we need to cover. A single-page marketing app is a different engagement from a multi-tenant SaaS platform with complex authorization. We give a fixed quote after a short scoping call, typically within 48 hours. The prices shown are genuine floor prices for the smallest qualifying scope, not marketing anchors.
Is the free trial really free?
Yes. We run 4–6 free one-week trials per month to demonstrate what our work actually looks like. You receive the same report format as every paid engagement — executive summary, technical findings with working PoC, remediation guidance. There is no obligation to continue. The only requirement is that you qualify (web or API product in production or staging, two test accounts, decision-maker on your side) and a slot is available.
What does a retest cost?
For Launch Secure and Audit & Procurement Pack, one retest round is included in the base price. If you need additional retest rounds — for example, after a second remediation pass — those are billed at a flat day rate. Release Guard customers have retest included every cycle by design. We confirm retest scope before each round so there are no surprises.
Can I start with the free trial and upgrade to a paid plan?
Yes, and many clients do. The trial uses the same methodology and report structure as a paid engagement, so you already know what you are buying. If you want to continue after the trial, we discuss scope and the right plan on a short call. There is no penalty and no artificial gap — ongoing work can begin immediately.
How quickly do I get a quote after the scoping call?
Within 48 hours of the call, usually the same day. We send a written scope of work with a fixed price, timeline, and rules of engagement. No ambiguity about what is included.
Ready to get a fixed quote?
A 30-minute scoping call is all we need to scope the engagement, confirm the right plan, and deliver a fixed written quote within 48 hours. No sales pressure — if you are not a fit, we will tell you.