Tier 01
SMB Starter
$7,500/yr
~$625/mo billed annually

For businesses getting serious about security. Two full pentests per year covering your critical external surface.

  • 2 penetration tests per year
  • Up to 5 external web applications
  • Internal network assessment
  • OWASP Top 10 + NIST 800-115 methodology
  • Executive summary + technical report
  • Remediation guidance for each finding
  • Email support (48-hour response)
  • Free attack surface scan included
Schedule Free Scan
Tier 03
SMB Continuous
$18,000/yr
$1,500/mo (monthly billing available)

Unlimited on-demand testing plus continuous attack surface monitoring. Security as a service, not a project.

  • Unlimited on-demand penetration tests
  • Continuous attack surface monitoring
  • All asset types (web, API, network, cloud)
  • Full framework coverage (MITRE, OWASP, NIST)
  • Real-time alerting on new exposures
  • Dedicated security advisor
  • Same-day support response
  • Monthly executive security report

Every tier includes real human testing.

Feature                     Starter       Growth          Continuous
Pentests per year           2             4               Unlimited
Assets in scope             5 external    10 (any type)   Unlimited
Web app testing             [+]           [+]             [+]
API security testing        ---           [+]             [+]
Internal network testing    [+]           [+]             [+]
Cloud config review         ---           ---             [+]
Continuous monitoring       ---           ---             [+]
Remediation retesting       ---           [+]             [+]
OSCP-certified testers      [+]           [+]             [+]
Executive report            [+]           [+]             [+]
Support SLA                 48 hours      24 hours        Same day

How we compare to the alternatives.

$ zds --compare-pricing --market smb

[*] Competitor pricing analysis:

Raxis .............. $5,000-15,000+ (varies, quote required)
Cobalt ............. $8,500+/yr (opaque credit system)
BreachLock ......... contact us (no public pricing)
Big 4 Firms ........ $30,000+ (enterprise-only)

Zero Delta ......... $7,500-18,000/yr (published, all-inclusive)

[+] Key differentiators:
- No credit systems or hidden platform fees
- Price includes retesting (Growth+)
- All testers OSCP/CEH/GPEN certified
- Free attack surface scan before you commit

[*] Run a free scan to see what we find before you pay anything.

No fine print. Seriously.

What counts as an "asset"?
A distinct web application, API endpoint collection, or network segment. A main website and its staging environment are two assets. Subdomains of the same app count as one.

What if I need a one-time test?
Start with the free scan. If you need a single pentest without an annual commitment, contact us — we offer project-based pricing starting at $4,000 for a focused engagement.

Who does the testing?
Certified professionals with OSCP, CEH, and/or GPEN credentials. Every engagement is manual-first — we use automation to scale, but humans find the bugs that matter.

How long does a pentest take?
Typically 5-10 business days from kickoff to report delivery, depending on scope. The free attack surface scan takes about 30 seconds.

Do you sign NDAs?
Yes. Every engagement includes a mutual NDA and a clear scope of work document before any testing begins. Your data stays yours.

Can I upgrade mid-year?
Absolutely. You'll get prorated credit for your current plan applied to the upgrade. No penalties, no waiting periods.

See what attackers see — for free.

Run a free attack surface scan. No signup, no credit card. If we find something, we'll show you exactly how we'd fix it.
