Due to the nature of the application, DarkHorse is not optimized for mobile devices. Please view it on a desktop or tablet for the best experience.
Get In Touch
Pricing
(Simple & transparent; as it should be)
We like to think our pricing is pretty straightforward, and are the only platform to publicly publish pricing across all product lines. We'll briefly outline how pricing works, and then also provide a handy chart that compares our pricing relative to the existing options in the space. If you're looking for a one stop shop experience, check out our "ALL-IN" pricing below.
If you find yourself asking "how is it possible to offer these services for so little", you're right to ask that question. We'd be asking the same thing. The short answer is that:
Some other items worth being aware of for VDP and bounty pricing:
Do note that some of the providers here may offer additional features (such as triage / validation) in their pricing. However, even after taking those additional services into account (some of which we think are not necessary - for more on that, we recommend reading the "Why don't you include triage and validation when the other major players (HackerOne, Bugcrowd, et al) seem to include it?" FAQ on our Bug Bounty page).
If you find yourself asking "how is it possible to offer these services for so little", you're right to ask that question. We'd be asking the same thing. The short answer is that:
- You're being over-charged. The other players are focused on keeping gigantic margins; we're focused on making you secure.
- The other players in the space have a lot of bloat. We cut out the bloat and pass those savings along to you.
All-You-Can-Use VDP & Bug Bounty Pricing
No caveats, no restrictions, no denying certain features or functionality, no nonsense. Use bug bounty and / or VDP as much as you need, for the same base rate.
- 25 reports or fewer per year:
- FREE.
- 7% on reward amounts (only applies to bounties paid).*
- Up to 100 reports per year:
- $500/ year
- 6% on reward amounts.*
- Up to 250 reports per year:
- $750/ year
- 6% on reward amounts.*
- Up to 500 reports per year:
- $1500/ year
- 6% on reward amounts.*
- Up to 1000 reports per year:
- $5000/ year
- 6% on reward amounts.*
- If you aren’t happy with our platform or services after 90 days, we’ll refund or not charge you the per report fee – no questions asked (well, we’d certainly like to know why you’re unhappy, but you don’t have to answer). Do keep in mind that reward payments and the % payment processing fee is not refundable.
- That's it.
Pentest Pricing
- Fractional Pentesting:
- Varies.
- Fractional pentesting engagements are put out to bid by qualified testers. The final amount will vary, based on their hourly rate. On average, one can expect an effective hourly rate anywhere from $75-$250 (though highly complex requirements may be more).
- The Standard / The Essentials:
- Varies. (starts as low as $500)
- The cost of a high-level assessment (The Essentials) or penetration test (The Standard) will vary based on the scope and nature of the assessment. Smaller scopes will be significantly cheaper than more complex ones.
- Note that there is an "economy" version for both The Standard and The Essentials, that can cost significantly less than the Core version, but does come with features omitted (such as QA, etc).
- For an accurate estimate of how much a pentest or assessment will cost, we recommend using our Pentestimator tool below.
ALL-IN Package
Want all your proactive security needs covered in one place for one price? For you, we’ve built our ALL-IN pricing option. With any other provider, this solution would cost hundreds of thousands of dollars; here, we’re making it affordable.
- UNLIMITED reports to your public vulnerability disclosure program
-
UNLIMITED bug bounty reports
- You can fund your bounty pool and make unlimited payments with as much money as you want, with only a 6% processing fee on any funding amounts.
- One five day standard pentest for an external webapp or network.
- One manual vulnerability assessment for an external webapp or network.
- $15,000 flat cost for SMB; $25,000 for enterprise.
- Unlimited public VDP = $10-$50k
- Unlimited bug bounty = $50-$250k
- Five day pentest = $10k+
- Manual assessment = $3-$5k
- Total = $73k-$315k!
- Savings with DarkHorse = $58-$290k!
Some other items worth being aware of for VDP and bounty pricing:
- * = For free bug bounties, we do have to add a 7% payment processing fee on all rewards (if there are no rewards paid, then there's cost here). This is to cover the cost of the upstream payment fees, currency conversion fees, identify verification, sanctions/AML checks, and to keep the lights on round here. For paid bug bounties, it's 6%.
- All report amounts are measured on a pro-rated, quarterly basis.
- You can pay annually with a contract, or quarterly with or without a contract. If you prefer to pay a lump sum up front, we can estimate the number of reports you'll likely get for the year, and structure things that way.
- If you receive a large amount of spam reports (say, one person makes hundreds of reports), we won't charge you for those reports. Some noise is often part of a bounty program, but it is not reasonable that we make you pay for excessive noise.
- Unless agreed otherwise, anything over the target # of reports will be trued up at the end of the contract periord (quarterly or annually) at $5 per report (there is a ~5% grace allowance). Note that the rate per report for pay-as-you-go (non-contract) is $6, as opposed to the $5 contract rate.
Pricing comparison
Here's a quick comparison of how DarkHorse stacks up against other providers in the space.Do note that some of the providers here may offer additional features (such as triage / validation) in their pricing. However, even after taking those additional services into account (some of which we think are not necessary - for more on that, we recommend reading the "Why don't you include triage and validation when the other major players (HackerOne, Bugcrowd, et al) seem to include it?" FAQ on our Bug Bounty page).