Service Pricing
At Cyberoptic Security, we offer two clear pricing models: fixed price packages for standard engagements, and day rate pricing for more complex or customised work.
Fixed pricing is available for well-defined services like web application testing, external penetration tests and Microsoft 365 reviews. These packages are time-boxed and scoped for typical environments, making them ideal for small to medium businesses. You know exactly what you’re getting and what it will cost, with no surprises.
For environments that are larger, unusual, or need deeper testing, we use a day rate model. This is common for multi-site internal networks, multi-cloud deployments, or when a client needs multiple systems reviewed under a single engagement. Day rate pricing gives us the flexibility to tailor the work while keeping you in control of the time and budget.
By offering both options, we can deliver high-quality testing to clients of all sizes, whether you need a focused assessment or a comprehensive security review.
Web Application Penetration Test
We perform a manual penetration test of your web application to uncover security flaws. Focus areas include authentication, session handling, injection, and access control.
Common Engagement Length:
3-10 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$6,200
Fixed Price Criteria:
Covers a single web application with up to 10 key functional pages and two user roles. The application must not include complex integrations (e.g., third-party payment gateways or external APIs).
API Penetration Test
We test your API endpoints for issues like broken authentication, authorisation flaws, and insecure data exposure. This includes both expected and malicious usage patterns.
Common Engagement Length:
3-8 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$4,600
Fixed Price Criteria:
Fixed pricing applies to APIs with up to 25 documented endpoints, supporting one authentication method and two user roles. Access to documentation and a working test account must be provided.
Mobile Application Security Assessment
We test your mobile application for common security flaws on Android or iOS. The assessment includes both static and dynamic analysis.
Common Engagement Length:
4-6 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$6,200
Fixed Price Criteria:
Applies to a single mobile application on Android or iOS with no more than 2 primary user roles. Source code access is required and credentials for dynamic testing must be provided.
External Network Penetration Test
We simulate real-world attacks against your internet-facing systems to uncover exploitable vulnerabilities. This includes manual testing of exposed services, ports, and authentication mechanisms.
Common Engagement Length:
2-4 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$3,100
Fixed Price Criteria:
Applies to external network environments with up to 5 public-facing IPs or services, such as VPN gateways, firewalls, and basic web portals. Target systems must be reachable without complex authentication or load balancing.
Microsoft 365 Secure Configuration Review
We assess the security configuration of your Microsoft 365 environment. Focus is on identity, email security, permissions, and authentication policies.
Common Engagement Length:
3-5 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$4,600
Fixed Price Criteria:
Covers one Microsoft 365 tenant with no more than 40 users and one Exchange Online domain. Includes Secure Score analysis and policy configuration review via the admin portal.
Internal Network Penetration Test
We simulate an internal attacker attempting to escalate privileges and access sensitive systems. This is a deep dive into your internal network security.
Common Engagement Length:
5-10 Days
Engagement Day Rate:
$1,900
Fixed Price Rate:
$8,500
Fixed Price Criteria:
Applies to internal environments with up to 50 hosts, and one Windows domain. No complex segmentation or tiered environments should exist.
Cloud Secure Configuration Review
We review your cloud platform for security risks like open storage, risky roles, or poor logging. Misconfigurations are identified using both automated tools and manual inspection.
Common Engagement Length:
4-6 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$4,600
Fixed Price Criteria:
Covers one Cloud account with up to 10 services in use (e.g., EC2/VMs, S3/Blobs, IAM/Entra ID, VPC/VNet, etc.). Must be accessible using read-only credentials with documentation or walkthrough for unusual setups.
Device Secure Configuration Review
A configuration review of network devices such as switches and firewalls, endpoint devices such as workstations and laptops, or physical or virtual servers, to ensure they're securely deployed. We benchmark your devices against best practices and identify misconfigurations or exposures.
Common Engagement Length:
2-4 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$3,100
Fixed Price Criteria:
Covers one device such as a network switch, router, firewall, or standard Windows laptop/desktop). Configurations must be accessible via SSH, web GUI, or management console and available remotely.
Internal Network Vulnerability Scan
We scan your internal network to identify vulnerabilities such as missing patches, insecure services, and exposed credentials. Results are manually validated to ensure accuracy.
Common Engagement Length:
3-5 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$4,600
Fixed Price Criteria:
Applies to internal network ranges with up to 50 active hosts, accessible via VPN other remote access option. No domain admin access is assumed, and targets must not include highly segmented or isolated subnets.
External Network Vulnerability Scan
We perform an automated scan of your internet-exposed assets to identify known vulnerabilities. This service is ideal for regular visibility between full penetration tests.
Common Engagement Length:
3-6 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$3,100
Fixed Price Criteria:
Applies to environments with up to 10 IPs or domains in scope. Vulnerability scanning will be limited to one scan engine and reviewed within 2 business days.
Cloud Attack Surface Assessment
We map your cloud environment and identify all internet-facing services. These are analysed for exposure and tested using external network penetration techniques.
Common Engagement Length:
3-5 Days
Engagement Day Rate:
$1,700
Fixed Price Rate:
$4,600
Fixed Price Criteria:
Fixed pricing applies to a single cloud environment (AWS, Azure, or GCP) with up to 10 internet-facing assets, including virtual machines, load balancers, storage, and APIs. The environment must be accessible with read-only credentials, and testing is limited to externally exposed services identified during the review. The assessment assumes no more than one cloud account/subscription and no complex hybrid or multi-cloud integrations.
Hardware Security Assessment
We assess endpoint or embedded hardware devices for firmware, interface, and physical security risks. This service helps protect against tampering and unauthorised device access.
Common Engagement Length:
5-10 Days
Engagement Day Rate:
$1,900
Fixed Price Rate:
$6,800
Fixed Price Criteria:
Applies to up to one hardware device with Tier 1 testing only. Tier 1 testing is via exposed interfaces that do not require complex soldering or diagnostic analysis. Interfaces include visible ports such as USB, RJ45, etc. and exposed board interfaces such as UART, JTAG, etc.