VulnerabilityScanPro
About Services Pricing Case Studies Blog Contact
Sign in Create account
// pricing.tiers()

Pay once. Scan honestly.

All plans run our scanner against your URL. Higher tiers add a human review pass, framework-mapped output, or recurring coverage. No black box, no enterprise pen-test pricing.

PLAN_01
Quick Health Check
Fast automated scan to flag the obvious stuff.
$9.99
// one-time · 24 hours
  • 1 domain · 1 scan
  • Automated scanner (OWASP ZAP)
  • SSL/TLS configuration grade
  • Security headers check
  • Top findings with CVSS severity
  • 1-page PDF, emailed
  • 7-day result archive
Initiate scan
PLAN_02
Surface Scan
Wider automated scan with a structured report.
$13.00
// one-time · 48 hours
  • Everything in Quick Health Check
  • Up to 3 subdomains
  • OWASP Top 10 check coverage
  • Cookie, CORS & CSP policy checks
  • Open-port & exposed-service scan
  • Multi-page severity-ranked PDF
  • 14-day result archive
Initiate scan
Compliance
PLAN_03
Compliance Pack
Automated scan with output mapped to SOC 2 / PCI / HIPAA controls.
$98.00
// one-time · 7 business days
  • Everything in Surface Scan
  • Pick one: SOC 2 / PCI-DSS / HIPAA
  • Findings tagged to control IDs
  • Evidence pack (PDF + JSON)
  • Gap list with priority labels
  • Sample policy templates (3)
  • 60-day result archive
Initiate scan
Most Popular
PLAN_04
Full Audit
Automated scan plus a human review pass.
$99.00
// one-time · 5 business days
  • Everything in Surface Scan
  • 1 web app + 1 API host
  • ~1 hour analyst review pass
  • False-positive filtering
  • Remediation notes per finding
  • Email Q&A · 14 days
  • 1 free re-scan after fixes (30 days)
Initiate scan
Pro
PLAN_05
Pro Retainer
4 Surface Scans per year + regression alerts.
$119.00
// one-time · First scan in 5 business days
  • Surface Scan · 4× per year
  • Up to 3 web apps
  • Regression alerts between scans
  • Priority email Q&A (1 business day)
  • Trend report (severity over time)
  • 90-day result archive
  • Unlimited free re-scans after fixes
Initiate scan

30-day refund

Not satisfied with what we delivered? Email us within 30 days and the charge gets reversed — no debate.

Re-scan after fixes

Full Audit and above include a free re-scan within 30 days of the original report so you can verify your fixes landed.

Open tooling

We use OWASP ZAP, Nuclei, openssl, and similar OSS scanners. The report tells you which tool produced each finding — no black box.

Pricing questions

Because the work is mostly automated. We run open-source scanners (OWASP ZAP, Nuclei, openssl) against your URL and turn the output into a clean PDF. The Full Audit adds about an hour of analyst review — not a senior pen-tester sweep, just a human filtering false positives and writing remediation notes.
For larger scopes — multiple environments, recurring scans for many domains, or things outside our standard plans — reach out via the contact page. We can quote a custom engagement.
Visa and Mastercard via Authorize.Net Accept.js. Card data is tokenised on the client; we never store full card numbers.