How much does penetration testing cost in Australia?
A straight answer on what it costs, and how to tell a test that finds real problems from one that just produces a PDF.
Most providers hide their pricing behind a contact form. Below are the ranges Australian businesses actually pay, and what sits behind each number.
The short answer
What a pen test costs in Australia.
These are typical ranges for manual testing by accredited testers. Automated tools start cheaper, but they are a different product, covered further down.
| Assessment type | Typical range (AUD) |
|---|---|
| External network | $3,000 – $8,000 |
| Internal network | $5,000 – $15,000 |
| Web application | $4,000 – $12,000 |
| Wireless (WiFi) | $2,500 – $6,000 |
| Full-scope engagement | $15,000 – $50,000+ |
Ranges are a planning guide, not a quote. The final figure depends on the size of your environment and what you need tested. A scoping call settles it quickly.
Where the number comes from
What drives the cost up or down.
Two quotes can look very different for the same job. Five things explain almost all of the gap.
Scope
The size of what you are testing. A handful of external IPs costs far less than a sprawling internal network. Number of applications, user accounts, and physical sites all feed the price.
Manual versus automated
An automated scan runs in hours for a few hundred dollars. Manual exploitation by an experienced tester takes days and finds what scanners miss. They are different products, and the price reflects it.
Report depth
A raw scanner export is cheap. A risk-rated report with reproduction steps, an executive summary, and remediation guidance takes skilled time to write.
Retest policy
Some providers charge again to confirm your fixes worked. Others build a retest window into the original fee. Check what each quote includes before you compare the headline number.
Tester accreditation
Certified, locally based testers cost more than an offshore scan-and-send. They also understand Australian obligations like the , APRA CPS 234, and the Privacy Act.
By assessment type
What each test covers.
Most businesses start with one or two of these. A full-scope engagement bundles several together and is priced as a programme.
External network
Tests your internet-facing infrastructure the way an outside attacker would. Usually the first test a business runs and the most cost-effective place to start.
Internal network
Assumes an attacker is already inside, through an email or a rogue device. Maps how far they could move and what they could reach.
Web application
Tests a specific application against the OWASP Top 10 and business-logic flaws. Cost scales with the number of roles, inputs, and features in scope.
Wireless (WiFi)
Checks your wireless networks for weak encryption, rogue access points, and segregation gaps between guest and corporate traffic.
Value, not just price
What the fee should include.
The cheapest quote is rarely the best value. A fair price should cover all of the following before you compare two numbers.
Scoping call
A conversation to define exactly what gets tested, the rules of engagement, and the timeline before any work begins.
Manual exploitation
Human testing using real attack techniques, not an automated scan with a logo on the cover.
Risk-rated report
Every finding rated by likelihood and impact, with reproduction steps and an executive summary for the board.
Technical debrief
A walkthrough of the findings with your team so the report does not just sit in an inbox.
Remediation guidance
Step-by-step fix instructions written for the engineers who have to implement them.
Retest window
We validate your fixes within 30 days of the report at no extra cost, confirming the issues are actually closed.
Before you sign
Red flags in a cheap pen test.
A low price often means a smaller job than you think. These are the signs a quote is cheap for the wrong reasons.
- An automated scan sold as a penetration test.
- No manual exploitation written into the scope of work.
- A template report with your company name swapped in.
- No retest, so you pay again to confirm your fixes worked.
- Offshore testers with no grounding in Australian compliance.
How we quote
How IronSights prices an assessment.
We quote on fixed scope, not open-ended day rates. You know the number before the work starts, and it does not move unless the scope does.
It begins with a short scoping call to understand what you want tested and why. From there we put a written scope and a fixed-price quote in front of you within five business days. There is no lock-in, and you are free to walk away.
Want the detail on how the testing itself runs? Our penetration testing methodology walks through every stage, from reconnaissance to the final report.
Common questions
Asked by buyers like you.
Not in this list? Email hello@ironsights.com.au or book a 30-minute consultation. No obligation.
Is penetration testing worth it for a small business?
Yes. Smaller businesses are targeted precisely because attackers assume their defences are thinner. A scoped external test is an affordable starting point and often satisfies and tender requirements at the same time.
How long does a penetration test take?
Scope drives the timeline. An external test usually runs two to five days of active testing. Internal and web application tests depend on complexity. We give you a firm timeline at scoping, not a guess.
Do I need a penetration test for Essential Eight compliance?
The Essential Eight does not mandate a penetration test on its own, but testing is the practical way to prove your controls hold up against a real attacker. We map findings to the Essential Eight so the work feeds your compliance posture.
How often should we run a penetration test?
Once a year is the common baseline, plus a test after any major change to your environment, such as a new application, a cloud migration, or an office move. Annual testing is also where most policies and tenders set the bar.
What is the difference between a vulnerability scan and a penetration test?
A vulnerability scan is automated and lists potential weaknesses. A penetration test has a human exploit those weaknesses, chain them together, and prove the real-world impact. A scan tells you a door might be unlocked. A pen test walks through it.
Can you test outside business hours?
Yes. For sensitive or production environments we agree on a testing window up front, including out-of-hours work where it reduces operational risk. That is settled in the rules of engagement before testing starts.
First step
Get a fixed-price quote in under a week.
If you know roughly what you want tested, we can have a scope and a firm quote in front of you within five business days, with no lock-in.
