Pricing and Fees

PEN Consultants offers the most competitive pricing on the market for security testing services. When considering hiring a company, many people ask, can I afford this? The question that should be asked, though, is can you afford NOT to do this? Think about what a breach will cost if a malicious attacker finds the gaps in your network. As seen in the report from Ponemon Institute, the average cost, per breach, is $3.62 million.

Our security testing prices are only $175/hr, which provides you the lowest cost security testing services in the industry! The exact total fee for an engagement is based on projected hours for the testing, which is determined during a no-obligation scoping call.

Below is a list of services we offer. If you have questions or would like more information, please contact us.

VULNERABILITY SCANNING AND ASSESSMENT SERVICES
Web Application Vulnerability Scan
Network Vulnerability Scan
SECURITY AND PENETRATION TESTING SERVICES
Web Application Security Testing
Network Security Testing
Mobile Application Security Testing
Client-Side Application Security Testing
Wireless Security Testing
SPECIALIZED SERVICES
Red Teaming Engagement
Phishing Assessment
Social Engineering Assessment
Cybersecurity Unlimited
DISCOUNTS:
Multi-Service Discount
On-going Quarterly Engagements
Nonprofits
Referrals

Competitor’s Pricing 60

Security Testing Services

It is vital to discover unmitigated/undetected attack vectors and remedy them before an adversary does. PEN Consultants can help you do just that. By mimicking the actions of a hacker, we can uncover potential attack vectors (vulnerabilities, misconfigurations, detection gaps, etc.) that would greatly damage your organization by compromising your data. But, unlike a hacker, we will perform the attacks with great care (to maintain confidentiality/integrity/availability of your data and systems) and will follow up with an actionable plan for you to protect yourself.

Although there is no magic bullet, and you’ll never achieve “100% secure”, the benefits of having on-going security testing performed is significant. To read more about these benefits, Google: “benefits of red teaming“.

Our Services

PEN Consultants offers traditional Vulnerability Scanning, Penetration Testing, and Red Teaming services. In addition to our core services, we also offer customized services, the exact blend of which is driven by the unique needs of each of our clients. For example, some clients want an exclusive deep dive web application testing, while others want a broad “everything is fair game” engagement. Others bring us in to simply test their incident response team, perform phishing evaluations, or lead lunch-and-learn trainings. We will tailor the engagement to your organization’s specific needs, which will be based on your risk concerns.

What is the difference between “Vulnerability Scanning”, “Vulnerability Assessments”, “Penetration Testing”, and “Red Teaming”? What do they mean? Which one do you need performed on your systems? For a detailed look at this topic, and to make an informed decision about what testing best meets your organization’s needs, check out this blog post: Red Teaming vs Penetration Testing vs Vulnerability Scanning vs Vulnerability Assessments

Testing Techniques

Example testing techniques and services performed during a given engagement 10:

By hiring PEN Consultants to mimic the actions of a hacker, you can be confident knowing your organization has Rock Solid Security.

10: The list is not inclusive and in no way guarantees all these attacks/tests will be performed. Examples: (ex. 1) It would be rare to have a physical access attack component with an application security testing engagement. (ex. 2) We would most likely avoid all “noisy” automated scanning/eval tools during a stealthy Red Teaming engagement. (ex. 3) Only a Red Teaming engagement or social engineering assessment would include social engineering.

20: Physical attacks will not be possible with remote-only testing. Social engineering will be limited to remote-only (via phone, email, etc.). Wireless attacks would not be possible, etc..

30: Application attacks for the general pentesting/red teaming is limited to looking for known vulnerabilities and testing of common attack vectors against applications. To fully evaluate an application(s), the separate Application Testing Service is required.

40: Although 3rd party vulnerabilities are discovered in nearly every security testing engagement, in most cases, this is the most limited of testing and you may only be given limited details about the discovery. This is due to the fact that we may/may not obtain the third party’s permission for testing (ex. bug bounty), and have an obligation to withhold disclosure of any discovered vulnerabilities for a period of time to allow for a “patch”. With that said, we are usually able to “manually” evaluate most 3rd party service provider’s services and work directly with the provider to responsibly disclose the vulnerability and track it until mitigated. In the end, you are more secure, as are their other customers. We typically get approval to release at least some of the details, if not all, to our clients.

50: Quarterly engagements require an initial full-scope engagement.

60: Hourly pricing is based on the 12-month average published rate for a Subject Matter Expert – Level III. Total Red Teaming service cost calculated at the same number of labor-hours as listed above.


© PEN Consultants, LLC 2013 -