Products

🔄
PTaaS Platform
DAST Scanner
☁️
Cloud Vulnerability Scanner
🔌
API Security Platform

Pentest

🌐
Web Pentest
🔌
API Pentest
☁️
Cloud Pentest
📱
Mobile Pentest

Company

💰
Pricing
🏢
About Us
💼
Careers
📧
Contact
Talk to Sales →

Clear, transparent pricing
trusted by 1000+ businesses

Hacker style pentest by certified pentesters made agile & dev friendly with PTaaS platform. Meet & exceed SOC2, ISO, HIPAA needs.

Hacker style pentest by certified pentesters made agile & dev friendly with PTaaS platform. Meet & exceed SOC2, ISO, HIPAA needs

PENTEST BASIC
$1,999
/yr
1 Target
Best for startups or businesses doing more than their first set of pentests or small infra.
Schedule a call ↗
What's included
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliance
  • Automated scans & manual pentest (VAPT) covering OWASP Top 10
  • 2 fix re-scans by experts to verify fixes
  • Shared Slack channel
MOST POPULAR
PENTEST (PTAAS)
$5,999
/yr
1 Target
For fast release teams or businesses doing their first deep offensive pentest.
Schedule a call ↗
Everything in Basic, plus
  • Manual Pentest (VAPT) by security experts in OWASP, SANS, PTES etc. standards
  • Automated cloud security config review (AWS/GCP/Azure)
  • Percent of APIs covered within target
  • 2 fix re-scans by experts to verify fixes
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliances
  • Publicly verifiable pentest certificate
  • Unlimited DAST vulnerability scans with 10,000+ tests (DAST Scanner plan)
  • Named account manager
  • Shared Slack channel
  • Custom SLA & payment options
ENTERPRISE
$9,999
/yr
Best for enterprises with diverse infrastructure
Custom scope, unlimited targets, dedicated security engineering team, custom SLAs.
Schedule a call ↗
Everything in PTaaS, plus
  • Manual Pentest (VAPT) by security experts in OWASP, SANS, PTES, CREST etc.
  • Automated cloud security config review (AWS/GCP/Azure)
  • Percent of APIs covered within target
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliances
  • Publicly verifiable pentest certificate
  • Unlimited DAST vulnerability scans with 10,000+ extra (DAST Scanner plan)
  • Named account manager
  • Shared Slack channel
  • Custom SLA & payment options
Compare plans & find the right one for you
STARTER
$2,999
/yr
1 Target · Annual scan coverage
Ideal for startups needing continuous automated scanning with basic pentest coverage.
Schedule a call ↗
  • Continuous DAST scanning (10,000+ tests)
  • Scan behind login including TOTP MFA
  • Compliance view (SOC2, ISO27001, HIPAA)
  • CI/CD integrations
  • Shared Slack support
MOST POPULAR
GROWTH
$5,999
/yr
1 Target · Includes manual pentest
Continuous pentesting with expert-led manual testing for fast-moving teams.
Schedule a call ↗
  • Everything in Starter
  • Manual Pentest (VAPT) by certified experts
  • Automated cloud security review
  • Pentest report for SOC2, ISO27001, HIPAA
  • Publicly verifiable pentest certificate
  • Named account manager
  • Custom SLA & payment options
ENTERPRISE
$9,999
/yr
For enterprises with diverse infrastructure
Unlimited targets, custom scope, dedicated security team, custom SLAs and enterprise payment options.
Schedule a call ↗
  • Everything in Growth
  • Pricing that fits your multi-target needs
  • Custom SLAs and contracts
  • Flexible deployment options
  • Named account manager
  • Dedicated security engineering team
STARTER
$2,499
/yr
Up to 100 API endpoints
Ideal for teams wanting API visibility and continuous automated security scanning.
Schedule a call ↗
  • Real-time API discovery (shadow, zombie, dormant)
  • 15,000+ API-specific DAST tests
  • OWASP API Top 10 coverage
  • CI/CD integration
MOST POPULAR
GROWTH
$4,999
/yr
Up to 500 API endpoints
Full API security platform with expert manual pentesting and compliance reports.
Schedule a call ↗
  • Everything in Starter
  • Expert manual API pentesting
  • BOLA, BFLA, JWT, mass assignment testing
  • Compliance reports (SOC2, PCI-DSS, HIPAA)
  • Verifiable API pentest certificate
  • Named account manager
ENTERPRISE
$9,999
/yr
Unlimited API endpoints
Custom scope for enterprises with complex API infrastructure across multiple services.
Schedule a call ↗
  • Everything in Growth
  • Unlimited API endpoints
  • Custom SLAs and contracts
  • Dedicated security team
  • Custom SLA & payment options
STARTER
$1,999
/yr
1 Cloud Account (AWS/Azure/GCP)
Continuous cloud misconfiguration scanning for teams getting started with cloud security.
Schedule a call ↗
  • 400+ cloud misconfiguration checks
  • Agentless setup (read-only API keys)
  • First report in under 10 minutes
  • CI/CD integration
MOST POPULAR
GROWTH
$3,999
/yr
Up to 5 Cloud Accounts · Multi-cloud
Full multi-cloud coverage with offensive validation and compliance reports.
Schedule a call ↗
  • Everything in Starter
  • Offensive validation engine
  • AWS + Azure + GCP unified dashboard
  • Compliance reports (SOC2, PCI, HIPAA, ISO)
  • Named account manager
ENTERPRISE
$9,999
/yr
Unlimited cloud accounts & regions
Enterprise-scale multi-cloud security with custom integrations and dedicated support.
Schedule a call ↗
  • Everything in Growth
  • Unlimited accounts & regions
  • Custom SLAs & contracts
  • Dedicated security engineering team
  • Custom SLA & payment options

We've got tailored options for those
who deal with a diverse infrastructure

For Partners

Think your customers would love Astrolabe too? Let's join forces.

Perfect for
  • Compliance platforms
  • Insurance providers
  • MSSPs
  • Auditors
Schedule a Discovery Call ↗ Learn More →

For Enterprises

Need something more tailored? Our enterprise plan has got you covered.

When you get
  • Pricing that fits your multi-target needs
  • Custom SLEs and contracts
  • Flexible deployment options
  • Named account manager
Let's Talk Enterprise ↗

Loved by leading security conscious
companies around the world

TechVault
Nexora
Cloudify
DataStream
AppForge
SecureStack
Orbital
Prism AI
★★★★★
"Astrolabe identified several moderate and high severity issues that our team never thought existed. We are working in the Mental Health space and data privacy and security are extremely critical to us. That being said, I am thankful for their service."
— Georgi Mateev
CTO, Sykros
Trusted by 1000+
engineering teams
across 70+ countries worldwide
FAQ

Frequently asked questions

Simply put, a domain with all its site tree URLs is a target. A target can be the URL of a web application, IP, website, or API. If your website makes API calls to different domains (e.g., api.example.com), you can add them as an extra host during setup without purchasing another target — all calls to api.example.com from example.com will be scanned too.
Yes! We offer meaningful discounts for multi-year commitments and for customers who bundle multiple products (e.g., DAST + PTaaS + API Security). Contact our sales team to discuss a custom pricing plan tailored to your security roadmap.
Yes. Our PTaaS pentest reports are designed to meet the requirements of SOC2 Type II, PCI-DSS (Requirement 6.4), ISO 27001 Annex A, HIPAA, and GDPR Article 32. Auditors widely accept our reports as compliance evidence. Once remediation is verified, you also receive a publicly verifiable pentest certificate.
Automated scans test for 10,000+ known vulnerabilities including OWASP Top 10, CVEs, misconfigurations, and port/service issues. Manual pentesting by certified experts goes deeper — covering business logic flaws, price manipulation, authentication bypass chains, BOLA/IDOR, and complex multi-step attack scenarios that automated tools routinely miss.
A target is a URL that will be tested by our vulnerability scanner. It can be the URL of a web application, website, API, or IP. If you have a customer dashboard at app.example.com and an admin dashboard at admin.example.com with different login pages, those would be 2 separate targets. For SaaS apps, the entire app with all its APIs is typically 1 target.
PTaaS plans include 2 free retests by our pentesters to validate fixes. For DAST Scanner customers, you can re-scan individual vulnerabilities directly from the dashboard after applying fixes — without needing to run a full scan again. Enterprise plans include unlimited retests.
Automated DAST scans complete within 24 hours. Manual penetration testing takes 10–14 business days including testing, report writing, and initial review. Rescan turnaround is typically 2–3 business days after fixes are submitted. We always agree on a timeline before any engagement begins.
Yes! While we don't fix vulnerabilities for you, we actively assist your developers through the remediation process. Your developer can comment under each vulnerability in the dashboard to ask questions, get clarifications, or request guidance. Our security team responds typically within 24 hours to help unblock remediation.
Find & Fix Every Vulnerability

Find & fix every vulnerability
with Astrolabe

Astrolabe's continuous pentest platform — PTaaS for expert-led pentesting, DAST Scanner for continuous vulnerability detection & API Security Platform for API observability & vulnerability scanning — all working together to secure your applications.

Schedule Discovery Call → Get Started Now →
0 Million+
Vulnerabilities Uncovered
120+
Pentests Completed
4.0/5
on G2