How do you estimate a price for a penetration test/application security audit?

Hello guys,
I have been trying for some time to figure out what is a good way to estimate a “fair” price for a penetration testing activity. I’ve searched online quite a bit, and everyone always says the same thing: consider timing, number of dynamic pages/endpoints/api, etc.
However, I haven’t found “standard” numerics or practical examples to take inspiration from.

So in case you are also involved (or have been involved in the past) in determining prices for your pentest/appsec activities, how did you estimate it?

Thanks :blush:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.