Application Security Testing
Choose the level of testing that fits your needs
Comprehensive
$2,500 / app
- Both static and dynamic testing
- Up to 50,000 lines of code
- Up to 25 endpoints
- Optional pentest against staging
- Save $200 vs. separate
Additional lines: $0.05/line
Additional endpoints: $25/endpoint
Static Analysis (SAST)
$1,500 / app
- Up to 50,000 lines of code
- Automated scanning with Semgrep
- Manual review of flagged issues
- Security-critical code path analysis
Additional lines: $0.05/line
Dynamic Testing (DAST)
$1,200 / app
- Up to 25 endpoints
- Automated OWASP ZAP scanning
- Manual verification of findings
- OWASP Top 10 vulnerability testing
- Authentication & session testing
Additional endpoints: $25/endpoint
What's Included in All Packages
- Detailed findings report with severity ratings (Critical, High, Medium, Low, Informational)
- Remediation guidance for each identified vulnerability
- Executive summary suitable for stakeholder communication
- Evidence including screenshots, request/response samples, and proof-of-concept notes
- One post-remediation verification test at no additional cost. Additional re-tests: $250 each.
What's Not Included
- Testing of third-party services, APIs, or integrations not owned by you
- Social engineering or phishing assessments
- Physical security testing
- Denial of Service (DoS) testing
- Testing against production environments (staging only for pentest)
- Compliance certifications or formal audit reports (SOC 2, PCI-DSS, etc.)
- Code remediation or fixes — this is an assessment service only
What You'll Need to Provide
- For SAST: Read access to the application source code (via repository access or archive)
- For DAST: List of in-scope endpoints and any authentication credentials required for testing
- For penetration testing: An isolated staging environment that mirrors production. If you cannot provide one, I can deploy your application in an isolated container on my infrastructure. You'll need to provide application code/build artifacts, sanitized database exports (no production data), and environment configuration details. Staging environment setup: $150 one-time fee.
- Point of contact for technical questions during the engagement
Note: Security testing requires a signed authorization document before we begin. This protects both parties and ensures testing is conducted legally.
Timeline
- Kickoff & Scoping: 1-2 business days
- Testing Phase: 5-10 business days (depending on scope and complexity)
- Report Delivery: Within 5 business days of testing completion
- Re-test Window: Must be scheduled within 60 days of initial report
- Remediation Report Delivery: Within 5 business days of re-test completion via addendum to the original report
Payment
- 50% due upon signed agreement, before testing begins
- 50% due upon delivery of final report
Ready to secure your application?
Get Started
By proceeding, you agree to our Service Terms & Conditions