Due to the nature of the application, DarkHorse is not optimized for mobile devices. Please view it on a desktop or tablet for the best experience.
Pricing
(Simple & transparent; as it should be)
We like to think our pricing is pretty straightforward, and are the only platform to publicly publish pricing across all product lines. We'll briefly outline how pricing works, and then also provide a handy chart that compares our pricing relative to the existing options in the space.
For an accurate estimate of how much a pentest or assessment will cost, we recommend using our Pentestimator tool below.
Pentestimator
Some other items worth being aware of for VDP and bounty pricing:
Do note that some of the providers here may offer additional features (such as triage / validation) in their pricing. However, even after taking those additional services into account (some of which we think are not necessary - for more on that, we recommend reading the "Why don't you include triage and validation when the other major players (HackerOne, Bugcrowd, et al) seem to include it?" FAQ on our Bug Bounty page).
VDP Pricing
- 25 or fewer reports per year (measured on a quarterly basis):
- FREE.
- No caveats, no restrictions, no denying certain features or functionality, no nonsense.
- Greater than 25 reports per year (meansured on a quarterly basis):
- $3* per report.
- If you aren’t happy with our platform or services after 90 days, we’ll refund or not charge you the per report fee – no questions asked (well, we’d certainly like to know why you’re unhappy, but you don’t have to answer).
- That's it.
Bug Bounty Pricing
- 25 reports or fewer per year (measured on a quarterly basis):
- FREE.
-
7% on reward amounts.
(For free bug bounties, we do have to add a 7% payment processing fee on all rewards (if there are no rewards paid, then there's cost here). This is to cover the cost of the upstream payment fees, currency conversion fees, identify verification, sanctions/AML checks, and to keep the lights on round here.) - Greater than 25 reports per year (meansured on a quarterly basis):
- $3* per report.
-
6% on all reward amounts.
(To cover the cost of the upstream payment fees, currency conversion fees, identify verification, sanctions/AML checks, and to keep the lights on round here.)
- If you aren’t happy with our platform or services after 90 days, we’ll refund or not charge you the per report fee – no questions asked (well, we’d certainly like to know why you’re unhappy, but you don’t have to answer). Do keep in mind that reward payments and the % payment processing fee is not refundable.
- That's it.
Pentest Pricing
- Fractional Pentesting:
- Varies.
- Fractional pentesting engagements are put out to bid by qualified testers. The final amount will vary, based on their hourly rate. On average, one can expect an effective hourly rate anywhere from $75-$250 (though highly complex requirements may be more).
- The Standard / The Essentials:
- Varies.
- The cost of a high-level assessment (The Essentials) or penetration test (The Standard) will vary based on the scope and nature of the assessment. Smaller scopes will be significantly cheaper than more complex ones. Note that there is an "economy" version for both The Standard and The Essentials, that can cost significantly less than the Core version, but does come with features omitted (such as QA, etc).
Some other items worth being aware of for VDP and bounty pricing:
- You can pay annually with a contract, or quarterly with or without a contract. If you prefer to pay a lump sum up front, we can estimate the number of reports you'll likely get for the year, and structure things that way.
- If you receive a large amount of spam reports (say, one person makes hundreds of reports), we won't charge you for those reports. Some noise is often part of a bounty program, but it is not reasonable that we make you pay for excessive noise.
- Note that the rate per report for pay-as-you-go (non-contract) is $4, as opposed to the $3 contract rate.
Pricing comparison
Here's a quick comparison of how DarkHorse stacks up against other providers in the space.Do note that some of the providers here may offer additional features (such as triage / validation) in their pricing. However, even after taking those additional services into account (some of which we think are not necessary - for more on that, we recommend reading the "Why don't you include triage and validation when the other major players (HackerOne, Bugcrowd, et al) seem to include it?" FAQ on our Bug Bounty page).