Reconix LogoReconix
Transparent Pricing

Pentest Pricing, With Proof You Can Act On

Clear pricing for offensive security testing. Every engagement ships a working proof of concept for each finding, with retesting until your fixes hold, and a findings briefing that walks your team through every issue so they leave stronger. From startups to regulated financial institutions, there is a tier that fits your risk.

What Determines Pentest Pricing?

We believe in transparent, value-driven pricing. These are the core factors that influence the cost of an engagement.

Scope Complexity

The number of applications, IP addresses, or unique API endpoints. A larger attack surface requires more intensive analyst time.

Testing Depth

Scanners flag; we prove. Every finding comes with a working exploit and a retest, verified by a human, not just a tool. Deep business-logic testing finds the risks scanners miss.

Technology Stack

Modern cloud-native environments and complex microservices architectures require specialized expertise and custom testing payloads.

Compliance Standards

Audits for BOT, SEC, or PCI-DSS require specific methodologies and documentation formats to satisfy regulatory scrutiny.

Time & Urgency

Expedited testing for emergency releases or last-minute compliance deadlines may require additional resources and priority scheduling.

Retesting Requirements

Validation of fixes is critical. Our packages include retesting to ensure your team has effectively remediated all discovered risks.

Security Testing Packages

Investment options for every stage of organizational maturity, with proof of concept and retesting in every tier

Essential

฿160K - ฿320K

Standard security validation for startups and mid-market companies

Includes

  • Single Web Application Pentest
  • Up to 50 pages/functions
  • OWASP Top 10 Assessment
  • Basic External Network Scan
  • Detailed Technical Report
  • Executive Summary for Stakeholders
  • Standard Remediation Guidance
  • 1 Round of Retesting
  • Email Support during Fixes

Not Included

  • Mobile App Testing
  • API Deep-Dive
  • Source Code Review
  • Social Engineering
  • Continuous Monitoring

Ideal for: Startups, SMEs, and single-product companies needing basic compliance.

POPULAR

Professional

฿380K - ฿650K

In-depth assessment for organizations with multiple high-value assets

Includes

  • Web App + Full API Pentest
  • Mobile Security (iOS or Android)
  • Internal & External Network Review
  • Full Business Logic Assessment
  • Authenticated & Multi-role Testing
  • Detailed Remediation Roadmap
  • Findings Briefing & Knowledge Transfer
  • 2 Rounds of Retesting
  • Priority Support Access
  • vCISO Strategic Advice

Not Included

  • Source Code Review
  • Red Team Operations
  • Ongoing Monitoring Retainer

Ideal for: Scale-ups, Fintechs, E-commerce, and companies preparing for BOT/SEC audits.

Enterprise

฿750K - ฿1.4M

Continuous offensive security for large-scale, highly regulated enterprises

Includes

  • Quarterly Comprehensive Assessments
  • Full Stack: Web, Mobile, API, Network, Cloud
  • Red Teaming & Social Engineering
  • Secure Code Review (SAST + Manual)
  • Full Compliance Mapping (ISO, BOT, SEC)
  • Dedicated Engagement Manager
  • Monthly Security Health Checks
  • Unlimited Retesting (90 days)
  • 24/7 Emergency Incident Support
  • Continuous Vulnerability Monitoring
  • Security Awareness Training

Ideal for: Banks, Large Enterprises, and Critical Infrastructure needing constant assurance.

The ROI of Proactive Security

A single data breach in Thailand can cost millions. Professional testing is an investment in business continuity.

1.0M records
฿5.0B
24 hours
20%
Expected annual loss
฿7.4M ฿16.4M/yr
single-incident impact × estimated annual likelihood
Single-incident impact (if it happens): ฿36.8M฿82.2M
Regulatory (PDPA)
฿5.0M
Breach handling
฿18.1M฿36.1M
Downtime
฿13.7M฿41.1M
Reputation
Critical
Annual risk a testing program targets
฿2.2M฿8.2M/yr
roughly 30–50% of expected annual loss

Plus civil liability up to 2× actual damages (PDPA Sec. 78).

A Reconix engagement starts at ฿160K, a fraction of one year's expected loss.

Why test before you ship
In design
In testing
15–30×
In production

The same flaw costs far more after it ships. Testing catches it before it becomes a breach (IBM Systems Sciences Institute).

Illustrative estimate based on your inputs, not a quote or a guarantee. Model: expected annual loss = single-incident impact × likelihood. Sources: IBM Cost of a Data Breach 2025; PDPA B.E. 2562 (Sec. 78, 83, 84); ENISA Return on Security Investment; IBM Systems Sciences Institute.

Project-Based vs. Continuous Offensive

Why most high-growth organizations move to a continuous offensive model

Project-Based

From ฿160K
  • Single Point-in-Time Assessment
  • Standard Fix Verification
  • Technical & Executive Reporting
  • No Ongoing Monitoring
  • No Dedicated Consultant
  • No 24/7 Incident Support
  • Limited Strategic Roadmap

Best for: Annual compliance requirements and low-complexity assets.

Continuous Offensive

From ฿750K / Year
  • Quarterly Deep-Dive Assessments
  • Unlimited Re-Testing (90 Days)
  • Dedicated Security Advisor
  • Real-Time Threat Intelligence
  • 24/7 Priority Emergency Support
  • Compliance & Audit-Ready Status
  • Integrated Security Roadmap

Best for: Financial institutions, multi-product tech firms, and high-value targets.

Frequently Asked Questions About Pricing

Get answers to common questions about penetration testing costs in Thailand

Get a Pricing Proposal for Your Scope

Every organization has a different threat model. Schedule a 15-minute scoping call to get a fixed-fee quote matched to your infrastructure and compliance needs.

Reconix is the proof-first offensive security specialist in Thailand, serving regulated digital businesses of all sizes.