Pricing

Custom plans built around your program

We don't sell fixed tiers. Attack surface, engagement cadence, scope mix, and compliance obligations vary too much across organizations to box pricing into three columns. Tell us what you need to test and we'll build a plan around it.

Included with every plan

What you always get

Every Provid Guard engagement, regardless of size, ships with the same security baseline and methodology.

Ownership-verified scoping

Every in-scope asset is proven owned before a scan runs — DNS, HTTP file, HTML meta, or WHOIS email challenge. Re-verified every 90 days.

OWASP & NIST methodology

Testing follows OWASP WSTG, OWASP API Security Top 10, and NIST SP 800-115. Every finding carries a CVSS v3.1 score and a CWE classification.

Compliance-mapped reporting

Findings map to the Provid Guard Security Benchmark™, NIST 800-53, CIS Controls v8, NIST CSF, and the CISA Zero Trust Maturity Model. You choose which frameworks appear in each report.

Staff review, signed ROE, kill switch

No engagement starts without staff approval and a signed Rules of Engagement. A kill switch is available at every state — you stay in control of what runs and when.

Tailored to your program

What we size for you

These are the axes we tune when building your plan. Tell us where you are today and where you want to be in twelve months — we'll size accordingly.

Asset count & engagement cadence

From a handful of public domains to thousands of internet-facing assets, with engagements running monthly, quarterly, or continuously.

Scope mix

External attack surface review, web application testing, API security validation, and cloud misconfiguration analysis across AWS, Azure, and GCP — combined to fit your environment.

Integrations

Push findings into Jira, GitHub Issues, Slack, or ServiceNow. Pipe report exports into your GRC stack.

SSO & review SLA

SAML single sign-on for your identity provider, plus a review SLA matched to your release cadence and audit calendar.

Let's build the right plan

Tell us about your attack surface, your compliance obligations, and your timeline. We'll come back with a tailored proposal and a live demo.