HackersHub's core business is high-quality penetration testing performed by highly skilled pentesters. We are originally a Dutch penetration testing company, but our clients and consultants operate globally.
A common question is: how much does a penetration test cost?
Below, we provide a rough indication of the penetration testing costs for the various tests we offer. We also provide more insight into the types of pentests and the testing methodology.
Types of Penetration Testing
A white box penetration test means that the consultant will have full knowledge of the system being tested, i.e. the system architecture, login credentials for different user roles (if present) and access to source code.
The advantage of a white box test is that the consultant can test every aspect of the system from different user role perspectives (if present). This ensures that the customer receives a very comprehensive, reliable and time-effective penetration test. If your application/system has not been thoroughly tested, then a white box approach is recommended.
Black box penetration testing is the mirror opposite of white box testing: here the consultant will not have any information on the targeted system/application.
A black box penetration test requires the consultant to research the application/system and therefore may provide less comprehensive results when compared to a white box test.
The advantage of a black box test is that it is a more accurate simulation of a real-world attack. Black box testing is recommended for applications/systems that have already been extensively tested in the past.
A grey box penetration test is a mixture of white and black box penetration testing. Not all information is given to the consultant, but some key points are provided.
For example, the consultant may receive login credentials and some background information. Grey box is a cost-effective testing method which allows comprehensive results, while still simulating a real-world attack. The grey box testing approach is recommended if your application/system has been tested in the past or was built following secure development best practices.
Please note that these are very rough pentesting cost estimates; the larger the project, the more discount we can apply in a formal quote. As penetration testing is a made-to-measure service, the actual amount will always vary.
These days, the majority of software applications are delivered as web applications. These come in several types, ranging from internally hosted applications, Software-as-a-Service, internally-developed applications, and off-the-shelf products.
A web application penetration test focuses on assessing the security of any type of web application. The consultant will begin the assessment by analyzing the web application for known vulnerabilities according to the following standards: OWASP Top 10 and SANS Top 25. The consultant will use this primary assessment as the foundation of the web application test and will continue exploitation from this assessment.
Every organization has multiple devices exposed to the internet, whether these are web servers, email servers or VPN gateways.
During an External Network Penetration Test, our consultants will attempt to discover and exploit vulnerabilities that might affect the systems which your organization has exposed to the internet.
An external network pentest assesses the security of the client’s internet-facing infrastructure by using the OSSTMM method as a guideline. An external penetration test will identify the vulnerabilities in connections between the organization's networks and the internet.
An Internal Network Penetration Test is executed from the following perspectives: an attacker who has gained access to your local network, or an employee with restricted access permissions.
When performing an Internal Network Penetration Test, our consultants will attempt to escalate privileges to Domain Administrator level and gain access to all systems and devices as agreed to prior to testing.
An internal network penetration test assesses the current state of internal IT systems and/or other network-connected devices. This form of pentest simulates an attack from the client’s own network. An internal penetration test will illustrate the threats that organizations are exposed to, from a malicious insider’s perspective or from an external attacker who bypassed perimeter security. The main objective is to gain unauthorized access to the network and potentially access confidential information on internal systems.
Key processes of internal penetration testing
- Enumeration and mapping
Begin with port scanning and vulnerability scanning to map the internal network and to identify potentially vulnerable assets. The consultant will target assets which have weaker security controls, vulnerabilities, or are improperly configured.
- Vulnerability Exploitation
The consultant will try to exploit the identified vulnerabilities. This could allow the consultant access to asset(s). Depending on the level of access, the consultant will try to gain further access via:
- Privilege Escalation
The consultant will try to gain the maximum level of access on the compromised asset(s).
- Lateral Movement
The consultant will try to compromise other assets on the network and spread through the network via the initially compromised asset, thereby increasing the likelihood of becoming domain administrator.
- Completely compromised network infrastructure
The ultimate goal for the consultant, giving them access to as much business-critical information as possible.
Compared to web applications, mobile applications are much more complex and must be analysed in terms of both the application itself as well as the back-end systems the application communicates with and the underlying operating system.
A mobile application penetration test is similar to the web application pentest. Mobile application vulnerabilities come in several forms which vary by operating system:
- Sensitive data leakage
- Insecure communication
- Insecure storage of data on the device itself
Mobile application pentests consider:
- Does the application transmit unnecessary sensitive data to the back-end server such as location data?
- Does the application securely communicate with the back-end? Does it implement additional security measures to ensure secure communication?
- How does the application store data on the device? Is it securely encrypted? For example, the storage might be encrypted but it might use a hardcoded encryption key.