Simple, Transparent Pricing

From quick vulnerability checks to enterprise-wide protection. Pay for what you need.

Start Here

Quick Assessments

Fast, affordable vulnerability testing. No commitment required.

Free Scan

Basic attack surface check

$0 / scan
  • Single domain scan
  • 12 common subdomain checks
  • 6 CDN providers detected
  • Basic risk summary
  • Full subdomain discovery
  • DDoS simulation

DoS Quick Check

Test your rate limits work

$99 / test
  • 15-minute assessment
  • HTTP flood testing
  • Cache bypass testing
  • Rate limit validation
  • Basic report included
  • Slowloris / Slow POST
Get Started

DoS Standard

Comprehensive vulnerability scan

$199 / test
  • 30-minute assessment
  • 5,000 RPS testing
  • Slowloris attack testing
  • Connection flood testing
  • Detailed HTML report
  • Hardening recommendations
Get Started

DoS Professional

Full attack vector coverage

$399 / test
  • 1-hour assessment
  • 10,000 RPS testing
  • All attack vectors
  • SSL exhaustion testing
  • Executive + Technical report
  • 30-min consultation call
Get Started
Full Assessment

Discovery & DDoS Simulation

Complete attack surface mapping with optional synthetic DDoS testing.

Discovery Assessment

Full attack surface mapping

$2,500 / domain
  • 500+ subdomain discovery
  • 12 CDN/WAF providers detected
  • Origin IP exposure check
  • API endpoint discovery
  • Architecture topology map
  • Executive PDF report
  • CLI remediation commands
  • DDoS simulation
Request Quote

Full Assessment

Discovery + DDoS Simulation

$7,500 / domain
  • Everything in Discovery
  • Lab-based DDoS simulation
  • L7 attack patterns tested
  • Cache bypass flood testing
  • WAF effectiveness report
  • Technical deep-dive report
  • Priority remediation guidance
  • Re-test after hardening (50% off)
Request Quote
Performance

Load Testing

Distributed load testing from multiple cloud regions.

Basic

Quick smoke test

$99
  • 100 virtual users
  • 15-minute duration
  • 1 region
  • Real-time metrics
  • JSON report
Get Started

Standard

Pre-launch validation

$299
  • 500 virtual users
  • 30-minute duration
  • 3 regions
  • P50/P90/P99 latencies
  • HTML report
Get Started

Professional

Black Friday ready

$799
  • 2,000 virtual users
  • 1-hour duration
  • 5 regions
  • SLA validation
  • Full PDF report
Get Started

Enterprise

Maximum scale

Custom
  • 10,000+ virtual users
  • Custom duration
  • Global distribution
  • Custom traffic patterns
  • Dedicated support
Contact Sales
Subscription

Continuous Validation

Ongoing protection with regular assessments and real-time monitoring.

SMB Starter

1-5 SLDs

$25,000 / year
  • Up to 5 primary domains
  • Up to 3 protection groups
  • Quarterly DDoS simulations (4/yr)
  • Continuous monitoring
  • Hardening playbook
  • Dashboard (2 seats)
  • Email support
Get Started

SMB Growth

5-15 SLDs

$55,000 / year
  • Up to 15 primary domains
  • Up to 5 protection groups
  • Quarterly DDoS simulations (4/yr)
  • Continuous monitoring
  • Self-Check CLI access
  • Dashboard (5 seats)
  • Standard support
Get Started

Mid-market

15-40 SLDs

$110,000 / year
  • Up to 40 primary domains
  • Up to 10 protection groups
  • Quarterly DDoS simulations (4/yr)
  • Continuous monitoring
  • Self-Check CLI + API access
  • Dashboard (10 seats)
  • Priority support
Get Started

Enterprise Standard

40-100 SLDs

$150,000 / year
  • Up to 100 primary domains
  • Up to 25 protection groups
  • Quarterly DDoS simulations (4/yr)
  • Continuous monitoring
  • Self-Check CLI + API + SIEM integrations
  • Dashboard (25 seats)
  • Dedicated TAM
  • 24/7 support (4hr SLA)
Get Started

Enterprise 100+

100+ SLDs

Custom
  • 100+ primary domains
  • Custom protection group cap
  • On-demand simulations
  • Custom integrations
  • Unlimited dashboard seats
  • Executive QBRs
  • Custom SLAs
Contact Sales

How tier anchoring works

We anchor your tier by the higher of three signals: SLD count, protection group count, or regulatory complexity (FinTech, healthcare, insurance, government). A 12-SLD insurer with 8 protection groups across multiple Cloudflare accounts and an on-prem WAF anchors at Enterprise Standard, not SMB Growth.

Protection group overage: $5,000 per additional PG/year beyond your tier cap, prorated.
Annual prepay discount: 10% off vs quarterly invoicing.
Multi-year: 10% off (2-year), 15% off (3-year). Stackable with annual prepay.

Prefer a one-time pilot?

Start with a single one-time Cycle 1 (test plan + simulation + hardening compare) at 85% off the standard one-time fee for your tier. If you convert to a yearly plan within 30 days of final report acceptance, the Cycle 1 fee credits in full toward your Year 1 fee. If you do not convert, the engagement concludes with no further obligation.

Talk to us about a one-time pilot

Compare Plans

Find the right level of protection for your needs.

Feature Free Scan DoS Assessment Discovery Full Assessment
Subdomain Discovery 12 prefixes - 500+ 500+
CDN/WAF Detection 6 providers 12 providers 12 providers 12 providers
Origin IP Check Basic Yes Deep scan Deep scan
Rate Limit Testing - Yes - Yes
Slowloris Testing - Standard+ - Yes
DDoS Simulation - - - Lab-based
Architecture Map - - Yes Yes
PDF Report - +$99 Included Included
CLI Commands - - Included Included
Starting Price Free $99 $2,500 $7,500
Founding Design Partner Program

5 seats. No deadline.

For the first 5 customers who help shape the product. Graduated pricing across years 1-3 so renewal is predictable, not a cliff.

Year 1: Founding Partner

Locked across four quarterly cycles

90% off standard tier rate
  • Full Test Plan tailored to your stack
  • Live botnet test from 23+ cloud platforms
  • Hardening Playbook with vendor-specific commands
  • Three quarterly reruns over 12 months
  • Direct line to the founder
  • Quarterly feedback session, anonymized inclusion in research
Apply for FDP

Year 2: Design Partner Graduate

Permanent benefit for FDP graduates

50% off standard tier rate
  • Same scope and deliverables as year 1
  • Locked across all four quarterly cycles in year 2
  • Smooths the year-1-to-standard transition
  • Written into the SOW from day one

Year 3+: Standard or Renegotiated

Based on year-2 outcomes and scope

Standard tier rate
  • Standard Enterprise tier rate, or renegotiated based on scope changes
  • Stackable with multi-year prepay (10% off 2-year, 15% off 3-year)
  • Stackable with annual prepay (10% off vs quarterly)

Customers 6-50 enter under Founder's Pricing (30% off year 1). See PRICE_LIST for the full table.

Enterprise Solutions

For organizations with 100+ domains, we offer ceiling-based annual contracts with dedicated support and custom integrations.

🔒

Unlimited Domains

Up to 2,500 domains

📞

24/7 Support

4-hour SLA

📈

Quarterly Reviews

Executive briefings

Custom Integrations

SIEM, CI/CD, API

Talk to Sales
Compare Plans

Platform Subscription Plans

Choose the plan that fits your needs. All plans include access to the DDactic platform.

Feature Free Pro Business Enterprise
Price $0 $99/mo $499/mo Custom
Domains Visible 1 HTTP domain 5 domains 25 domains Unlimited
Company Search ✓ Limited ✓ Full ✓ Full ✓ Full
Database Discovery 🔒 Blurred ✓ Full Details ✓ Full Details ✓ Full Details
API Findings 🔒 Blurred ✓ Full Details ✓ Full Details ✓ Full Details
Active Recon ✓ 1 domain only ✓ 50/day ✓ Unlimited ✓ Unlimited
Topology Visualization ✓ Basic ✓ Full ✓ Full ✓ Full + Custom
Reports ✓ Basic ✓ Full ✓ Full + White-label ✓ Full + Custom
SSO / SAML
Team Members 1 5 25 Unlimited
Admin Verification ✓ Required ✓ Required
Support Community Email Priority Dedicated TAM
Get Started Upgrade Contact Sales Contact Sales

🔒 Security Note

For Business and Enterprise plans, all discovered domains are shown to organization members, but actions require admin (CISO) email verification. This ensures proper authorization before performing scans or accessing sensitive infrastructure data.

Frequently Asked Questions

What's the difference between DoS and DDoS assessment?
DoS (Denial of Service) assessment uses a single high-powered server to test your rate limits, connection pools, and timeout configurations. It answers "do my defenses work?" DDoS simulation uses our distributed load fleet infrastructure to simulate real-world distributed attacks and answers "can I survive a real attack?"
Is DDoS testing safe for production?
Yes. Our Full Assessment simulations run from controlled lab infrastructure, not against your production systems directly. We test your CDN/WAF's ability to absorb and mitigate attacks without ever overwhelming your origin servers.
What's included in the CLI commands?
Our reports include ready-to-run commands for hardening your infrastructure. Examples: Cloudflare WAF rule updates, AWS WAF configurations, nginx rate limiting snippets, and origin IP rotation scripts for major cloud providers.
Can I get a discount for multiple domains?
Yes! We offer bundle packages with up to 50% savings. For 10+ domains, contact us for custom enterprise pricing. First-time customers also get 20% off with code FIRSTSCAN.
Do you offer a money-back guarantee?
Yes. If our assessment doesn't find any actionable findings, we'll refund 100% of your payment. We're confident in our methodology.

Ready to Find What Your Defenses Miss?

Start with a free scan or talk to our team about your specific needs.

Get Started Contact Sales