Simple, Transparent Pricing

Security consulting and penetration testing packages. No hidden fees. Start with Security on Demand (INR 9,999, fully refundable) or jump straight to a pentest.

Security Consulting

Zero-risk entry points. Start here if you're unsure what you need.

1 USD ≈ ₹84, 1 EUR ≈ ₹90 (snapshot 2026-04-30) · International engagements invoiced in your local currency.

Start Here

Security on Demand

Zero risk, one-time

INR 9,999 + taxes

~$120 / ~€110

Full refund if you don't continue. Continue with us, and the INR 9,999 comes off your next engagement.

4 Hours Founder-Led
Both founders work on your session directly. No junior analysts, no account managers, no sales calls.
1-2 Fixes or Diagnosis
Not a slide deck. We fix or document real security issues in your stack during the session.
Clear Next Step
You get a recommendation: pentest, retainer, or you're good for now. No upsell pressure.
Zero Risk: 100% Refundable
Don't continue? Full refund, no questions asked. Continue with us, and the INR 9,999 comes off the price.
Same Senior Team
Rathnakara (co-founder) holds OSCP and CompTIA PenTest+. Senior team adds CISSP, CEH, and ISO 27001 Lead Auditor. Same team on every engagement. No handoffs.

Best Suited For: You have security gaps but don't know where to start or who to trust.


Security Retainer

Deeper engagement, one-time

INR 24,999 + taxes

~$300 / ~€280

One-time purchase. 30-day validity + free 30-day extension if needed.

10 Hours Founder-Led
Both founders work on your tasks directly. Enough time for meaningful deliverables, not just advice.
Your Pick: Reviews, Hardening, or Advisory
Architecture review, cloud hardening, SDLC guidance, policy docs, incident response planning. You decide.
Test-Drive Before Fractional Security
See how we work before signing a 3-month fractional engagement. If it's a fit, the transition is direct.
30-Day Validity + Free 30-Day Extension
Use the 10 hours at your pace. If you need more time, one free extension. Non-refundable.
Same Senior Team
Rathnakara (co-founder) holds OSCP and CompTIA PenTest+. Senior team adds CISSP, CEH, and ISO 27001 Lead Auditor. Same team on this retainer as on your fractional engagement. No bait and switch.

Best Suited For: You want real deliverables before signing a 3-month fractional engagement. This is the proving ground.


Penetration Testing

AI, Web, API, Android, iOS, Cloud, and IoT. Pick the plan that fits your scope.


Startup Pentest Plan

For early-stage startups

INR 74,999 + taxes

~$900 / ~€830

1 Scope Included
1 scope = 1 application type. E.g., your web app is 1 scope, your API is another. Each scope gets a dedicated 7-day testing window. Need 2+ scopes? The Growth plan is built for that.
Pick one: your web app, API, mobile app, cloud, or IoT. One target, tested thoroughly.
Investor-Ready Report
Technical report has full vulnerability details, reproduction steps, and fix guidance. Executive report is a 2-page summary with risk ratings for leadership.
Technical details for your dev team + executive summary for your investor or enterprise client.
Methodology
Industry-standard methodology covering the OWASP Top 10 vulnerability categories and PTES (Penetration Testing Execution Standard) framework.
OWASP Top 10 + PTES (Standard Grey-box Pentest).
Report in 7 Calendar Days
7 calendar days from kick-off to final report delivery. 5 working days of active testing.
Not 3 weeks. Kick-off to final report in one week, so your investor deadline doesn't slip.
1 Full Retest
After you fix the vulnerabilities we found, we retest everything to confirm fixes are effective. Scheduled within 30 calendar days of v1.0 initial report. Completes in 1-3 business days on our side.
Full retest scheduled within 30 calendar days of the initial report. Completes in 1-3 business days on our side. No extra charge. Your report shows "remediated" not "open".
Brand Protection Snapshot
During recon, we check for typosquatting domains, fake apps impersonating your brand, leaked credentials on the dark web, and phishing infrastructure targeting your company.
We check if anyone is impersonating your domain, if your credentials are leaked, and what's exposed on the dark web.
+1 Scope at INR 44,999 (~$540 / ~€500)
Adding the second scope adds 3 calendar days to delivery: 10 calendar days total for 2 scopes (8 working days + weekend). Need 2 scopes with compliance mapping, 2 retests, and deeper testing? The Growth plan includes all of that for INR 1,79,999. Better value for multi-scope engagements.
Max 2 scopes on this plan. +3 calendar days to total delivery (10 days for 2 scopes). Need more? The Growth plan is built for that.

Best Suited For: An investor or enterprise client asked for a pentest report. You have one or two apps to test and no compliance deadline.

Most Popular

Growth Pentest Plan

For scaling businesses

INR 1,79,999 + taxes

~$2,150 / ~€2,000

1 Scope + 1 Extra Scope Included
2 scopes total = 2 application types tested (1 base + 1 extra included in the Growth Plan price). E.g., web app + API, or Android app + iOS app. Each platform counts as a separate scope.
Test your web app + API together, or any two targets. Most startups have at least two attack surfaces.
Investor-Ready Report + Compliance Mapping
Technical report has full vulnerability details, reproduction steps, and fix guidance. Executive report is a 2-page summary for leadership. Compliance mapping ties findings to SOC 2 Trust Services Criteria and ISO 27001 Annex A controls.
Technical report + executive summary + every finding mapped to SOC 2 and ISO 27001 controls. Your auditor can use the report directly.
Methodology
Beyond standard methodology. Includes chained exploits, privilege escalation, and lateral movement simulation on top of OWASP Top 10 and PTES coverage.
OWASP Top 10 + PTES + Real-world Attack Simulation.
Report in 10 Calendar Days
10 calendar days from kick-off to final consolidated report (8 working days + weekend). Parallel-or-sequential choice applies to additional scopes only. See the +1 Scope feature for details.
Deep enough to catch business logic flaws, fast enough for your deadline.
1 Full Retest + 1 Sanity Retest Included
Full retest scheduled within 30 calendar days of v1.0 initial report (after your first round of remediation). Sanity retest scheduled within 15 calendar days of full retest (after final fixes). Each retest completes in 1-3 business days on our side. No extra charge.
Full retest within 30 calendar days of initial report. Sanity retest within 15 calendar days of full retest. Your report closes clean.
Brand Protection Snapshot
During recon, we check for typosquatting domains, fake apps, leaked credentials on the dark web, and phishing infrastructure targeting your company.
Domain impersonation, leaked credentials, dark web exposure. Know what attackers already know about you.
+1 Scope at INR 74,999 (~$900 / ~€830)
Each additional scope adds 5 calendar days to delivery (default sequential). Parallel testing available up to 3 scopes simultaneously to compress the window, same price either way. Each scope gets its own dedicated testing window, findings section, and compliance mapping.
No limit on scopes. +5 calendar days per additional scope. Parallel testing up to 3 scopes for faster delivery, same price. Add as many as you need.

Best Suited For: You need two attack surfaces tested together (e.g., web app + API), or an auditor needs SOC 2 / ISO 27001 evidence from your pentest.


Compliance, CTI & Fractional Security

Scoped per engagement. Talk to us for pricing.

Compliance as a Service

SOC 2 Type 2 & ISO 27001 internal audit prep: gap assessment, control mapping, and policy documentation. Pairs naturally with pentest evidence.

Scoped per engagement

Cyber Threat Intelligence

Dark web monitoring, leaked credential detection, brand impersonation alerts, and industry threat reports. Every pentest includes a CTI snapshot. Need deeper coverage? Start with a one-time assessment or upgrade to continuous monitoring.

One-time or continuous (monthly/quarterly)

Fractional Security Team

Dedicated AppSec, InfraSec, or GRC hours. Vulnerability management, security monitoring, IAM audits, SDLC integration, and incident response planning. 2 to 8 hrs/day, 3-month minimum.

3-month minimum commitment

Pricing FAQ

What is the difference between the Startup and Growth pentest plans?

The Startup plan covers 1 scope in 7 days with a technical report, executive summary, free retest, and Brand Protection Snapshot. The Growth plan covers 2 scopes in 10 days and adds SOC 2 + ISO 27001 compliance mapping, a second sanity retest, and real-world attack simulation beyond OWASP Top 10. Choose Growth if you have a compliance deadline or an enterprise deal in the pipeline.

How long does the full engagement take, including retests?

Startup engagements run 7 calendar days from kickoff to v1.0 initial report (or 10 days for 2 scopes). After v1.0, you have a remediation window of 30 calendar days before our retest. The retest itself takes 1 to 3 business days, after which the report is closed. Total worst case: roughly 37 to 40 calendar days. Growth engagements run 10 calendar days to v1.0 (2 base scopes), then a remediation window of 30 calendar days before the full retest, then a window of 15 calendar days before the sanity retest. Each retest takes 1 to 3 business days. Total worst case: roughly 55 to 60 calendar days. If your team remediates faster, the engagement closes faster. These are upper bounds, not minimums.

What is the difference between parallel and sequential testing?

For Growth Plan engagements with additional scopes (3rd scope onwards), you can choose parallel or sequential testing at no extra cost. Parallel means scopes are tested simultaneously, compressing the total delivery window. Sequential means scopes are tested one at a time, with lighter coordination on your team's side. Same fixed price either way. Parallel testing is recommended for up to 3 scopes at a time; larger engagements (4+) run hybrid or sequential by default to maintain testing depth. The base 2 scopes on Growth are always tested in parallel within the published delivery window. That is the floor, not a choice.

Can I add more scopes after the engagement starts?

Yes, you can add scopes during scoping or after the engagement starts. Startup Plan caps at 2 scopes total (1 base + 1 additional at INR 44,999, with +3 calendar days = 10 days total for 2 scopes). Growth Plan has no scope limit (each additional scope at INR 74,999, with +5 calendar days). For 3+ scope engagements on Growth, you can choose parallel testing to compress the timeline. Adding scopes during the engagement is possible but extends the calendar days and requires a scope confirmation note in writing before testing begins on the new scope.

What is a sanity retest and why does Growth have two retests?

Growth Plan includes 2 retests on a structured cadence. The full retest happens within 30 calendar days of v1.0, after your first round of remediation. We retest every finding to verify fixes. The sanity retest happens within 15 calendar days of the full retest, after any final tweaks (typically the 1 to 2 findings still open after the first retest). Together, they close the report with all findings marked Remediated, Risk Accepted, or Compensating Controls in Place. Startup Plan includes 1 retest within the same 30 calendar day cadence, sufficient for single scope engagements where a single round of fixes typically closes everything cleanly.

What counts as one scope?

One scope is one application surface tested as a complete unit. Examples: a web application is 1 scope, a REST API is 1 scope, an Android app is 1 scope, an iOS app is 1 scope. Web app + API = 2 scopes (separate surfaces, different attack vectors). iOS + Android = 2 scopes (separate platforms, separate code, separate runtime). A microservices backend with 3 distinct services may count as 1 scope or 3 scopes depending on whether they share authentication and architecture. We confirm scope count during scoping before final pricing. If you are unsure, send us your architecture and we will tell you what we would count as a single scope.

What is real-world attack simulation, and why does Growth include it?

Real-world attack simulation tests beyond the OWASP Top 10 baseline by simulating how a determined attacker would actually compromise your application. This includes chained exploits (using one finding to amplify another), privilege escalation (moving from a regular user to admin), and lateral movement (accessing systems outside the initial entry point). We also test business logic flaws specific to your application such as payment race conditions, IDOR in financial flows, and authorization gaps in tenant-isolated data. Growth Plan includes this because compliance buyers and enterprise customers expect their pentest to demonstrate not just OWASP coverage but that the application can withstand a focused attacker. Startup Plan covers OWASP Top 10 + PTES standard methodology, sufficient for buyers without active enterprise or audit pressure.

What does the SOC 2 + ISO 27001 compliance mapping include?

Each finding in the Growth Plan report is mapped to specific control requirements in two frameworks. SOC 2 mapping covers the Trust Services Criteria 2017, typically CC6.1 (logical access security), CC6.3 (role-based access), CC6.6 (system boundaries), CC7.2 (monitoring), and CC8.1 (change management) for a typical web or API engagement. ISO 27001 mapping covers Annex A controls, typically A.9 (access control), A.13 (communications security), A.14 (system acquisition, development, and maintenance), and A.12.4 (event logging). The compliance evidence package is delivered as a separate section of the report and can be handed to your auditor as direct evidence of penetration testing, findings, and remediation. Useful for SOC 2 Type 1, SOC 2 Type 2, and ISO 27001 internal or external audits.

What is the Brand Protection Snapshot?

During the discovery phase of every pentest, we check for typosquatting domains, fake mobile apps impersonating your brand, leaked credentials on the dark web, code exposure on public repos, and phishing infrastructure targeting your company. Included with both pentest plans at no extra cost.

How much does penetration testing cost in India?

Cyber Secify offers penetration testing starting at INR 74,999 for a single scope (web, API, Android, iOS, cloud, or IoT) with delivery in 7 calendar days. The Growth Plan at INR 1,79,999 includes 2 scopes, delivery in 10 calendar days, compliance evidence, and 2 retests. All prices exclude taxes.

Can I see a sample report before buying?

Yes. We publish a full redacted sample showing the exact structure, finding format, compliance mapping, and Brand Protection Snapshot you receive. You can view it online or download it as a PDF.

Still have questions?

Book a 30-min call with Ashok. We'll talk through your scope, your timeline, and which plan actually fits. No sales pressure.