Independent research. Not affiliated with Cobalt, HackerOne, Bishop Fox, NCC Group, Trail of Bits, Synack, Bugcrowd, IOActive, or any other vendor named on this site. Prices change. Last verified April 2026.
pentestingcost.com
Menu

Sources and Methodology — pentestingcost.com

Every pricing figure on this site traces to a public URL listed below. “Contact sales” is stated honestly when no public source exists. Numbers marked as estimates are triangulated from multiple sources and clearly labelled.

Data Collection Methodology

Primary sources: Vendor pricing pages, vendor documentation, vendor-published blog posts with pricing information.

Marketplace data: Vendr (vendr.com) and Spendflo (spendflo.com) publish buyer-side pricing benchmarks for SaaS tools including security vendors. These are verified buyer transaction data, not estimates.

Review platform data: G2 (g2.com) verified customer reviews that include pricing disclosure. G2 tags these as verified.

Analyst / competitive data: Astra (getastra.com/blog/penetration-testing/cost), Deepstrike (deepstrike.io/blog/penetration-testing-cost), BSG (bsg.tech), Bright Defense, Software Secured — these are vendor blogs with competitive research. We use their day-rate and range data, noting the vendor-bias caveat.

Freshness: All figures last verified April 2026. Prices change. Contact vendors directly for current pricing before making purchasing decisions.

Not fabricated: If a number is not publicly available and cannot be triangulated from multiple sources, we say “contact sales” and do not invent a figure.

Cobalt

Cobalt pricing pageAccessed April 2026

Essentials plan entry price, credit model

Vendr - Cobalt marketplaceAccessed April 2026

Annual contract values $15k-$50k, credit pack pricing

G2 - Cobalt pricingAccessed April 2026

Customer-reported pricing, Essentials and Core tiers

HackerOne

HackerOne pricing (assessment)Accessed April 2026

Assessment product entry pricing

Spendflo - HackerOne pricing guideAccessed April 2026

Annual programme pricing $15k-$50k

Vendr - HackerOneAccessed April 2026

Enterprise ACV data

Day rate benchmarks (all traditional vendors)

BSG cybersecurity day ratesAccessed April 2026

Mid-market $1,500-$3,500/day; boutique $4,000-$7,000/day

Deepstrike - pentest cost blogAccessed April 2026

Engagement cost ranges, day-rate data

Astra - penetration testing costAccessed April 2026

Tier breakdowns, scope-to-cost ranges

PTaaS credit model

Cobalt - what is a credit?Accessed April 2026

1 credit = 8 hours of tester time

Vendr - Cobalt ACV dataAccessed April 2026

Blended hourly equivalent ~$225/hr

Retest pricing

Vendr buyer guides (general)Accessed April 2026

15-30% retest add-on as standard negotiation outcome

Astra - pentest costAccessed April 2026

Retest cost percentages

Engagement tier inclusions

Astra - what's included in a pentestAccessed April 2026

Tier inclusion lists

Bright Defense - pentest pricingAccessed April 2026

Entry-tier scope definitions

Software Secured - pentest costAccessed April 2026

Methodology depth by tier

Corrections

If you spot a pricing figure that is incorrect or has changed, please contact us. We update the site when vendor pricing changes and will credit corrections.

Back to vendor comparisonHomepage