Reference / Operator

About PenetrationTestingCost.com

An independent reference for the cost of penetration testing engagements. Operated by Digital Signet, founded by Oliver Wakefield-Smith. Built so the budgeting question for external network, web app, internal, mobile, cloud, red team and CREST/CHECK-aligned penetration tests can be answered without a sales call.

What this site does

Pen testing pricing varies more than almost any other security service: a 'web app pen test' costs anywhere from £4k to £40k depending on app size, scope, tester credentials (CREST, OSCP, CRTL), depth (vulnerability scan vs full red team), and country. Most published guidance comes from pen testing firms that quote on the request form. This site exists to publish defensible per-engagement cost bands by test type, scope band and credential level, with a calculator that takes scope inputs and returns a working budget figure.

About the operator

Oliver Wakefield-Smith, founder of Digital Signet
Oliver Wakefield-Smith
Founder, Digital Signet

Oliver runs Digital Signet, an independent AI-development studio that builds data-led pricing and decision tools using public datasets. After 20 years as a solutions architect and tech lead across media, utilities, satellite, and data, he founded Digital Signet to apply autonomous AI development methodology to real software at scale.

Reach Oliver: [email protected]. Profile: LinkedIn.

Digital Signet, the wider network

This site is operated by Digital Signet, an independent AI-development studio founded by Oliver Wakefield-Smith. It is part of a portfolio of consumer cost-reference and calculator sites we run as a live R&D lab for our Signet methodology, an autonomous AI development team that ships real software at scale.

Digital Signet does not run a penetration testing practice, does not act as a CREST or CHECK assessor, does not sell pen testing services, and does not accept paid placements from any pen testing firm. Editorial direction is set by Oliver. Drafts are produced via Digital Signet's autonomous AI development methodology and reviewed against the editorial framework before publication.

For consulting enquiries (fractional CTO, AI product strategy, autonomous-dev-team setup): see digitalsignet.com.

How we operate

  • Source pattern. Built on public reference material across the relevant publisher landscape.
  • No paid placements. Does not run a penetration testing practice, does not act as a CREST or CHECK assessor, does not sell pen testing services, and does not accept paid placements from any pen testing firm. Independent of every named third party in the relevant space.
  • Math is documented inline. Where the site has a calculator, inputs and assumptions are visible on the calculator page. Nothing is hidden behind opaque scoring.
  • Update only when underlying reality changes. Triggers: Material movement (10%+) in published UK pen-testing day rates over a 12-month sample; CREST or NCSC CHECK scheme guidance change; Major shift in published firm engagement-pricing structure.

Contact

For corrections, methodology questions, or scenarios that don't fit cleanly: [email protected].

Read next

How we source pricing

Sources and refresh discipline.

Updated 2 May 2026