We have one main domain and multiple sub-domains which have similar app running as main domain. How will the pricing work?
Since we work with hundreds of SaaS businesses, we understand that there some SaaS businesses who have customer dashboards running on their sub-domains. If you application is structured like this:
www.domain.com
app.domain.com
app1.domain.com
app2.domain.com
In the above case here's how we tend to structure the pricing IF app.domain.com, app1.domain.com & app2.domain.com all have above 90% similar code base:
In case of Pentest Plan: In our assessment, we will test the application in the target domain, and also test any subdomains which we can reach from within it, but it won’t be a comprehensive scan on each of the subdomains. The comprehensive scan will be done on the target domain. Example: www.domain.com and app.domain.com (if the main dashboard is hosted there) will be thoroughly scanned and for other domains we'll only scan if there are any dependencies on main targets hosted within the sub-domain.
We've seen this work well for organizations and you can mention your potential customers & partners that the code base for the sub-domains is 90% or more same. You can also implement the fixes for vulnerabilities uncovered in the main target on sub-domain too considering they have a same code base.
You can always get in touch with our sales team for a tailored pricing based on the scope
In case of Scanner or Expert Plan: Since the pricing works per target, only one sub-domain or domain can be scanned with our scanner and additional hosts which has dependencies can be added. Learn more about how a target is defined.
www.domain.com
app.domain.com
app1.domain.com
app2.domain.com
In the above case here's how we tend to structure the pricing IF app.domain.com, app1.domain.com & app2.domain.com all have above 90% similar code base:
In case of Pentest Plan: In our assessment, we will test the application in the target domain, and also test any subdomains which we can reach from within it, but it won’t be a comprehensive scan on each of the subdomains. The comprehensive scan will be done on the target domain. Example: www.domain.com and app.domain.com (if the main dashboard is hosted there) will be thoroughly scanned and for other domains we'll only scan if there are any dependencies on main targets hosted within the sub-domain.
We've seen this work well for organizations and you can mention your potential customers & partners that the code base for the sub-domains is 90% or more same. You can also implement the fixes for vulnerabilities uncovered in the main target on sub-domain too considering they have a same code base.
You can always get in touch with our sales team for a tailored pricing based on the scope
In case of Scanner or Expert Plan: Since the pricing works per target, only one sub-domain or domain can be scanned with our scanner and additional hosts which has dependencies can be added. Learn more about how a target is defined.
Updated on: 24/01/2023
Thank you!