Sounds a bit much. Could you have names of firms running this sort of service? And are they recruiting?
When I was working in financial firms, there were internal red teams running vulnerability scanners or manual pentests (manual requires much more planning and coordination). No point in paying external firms £10k per app to run an automated test. I am gonna have to consider changing sides if audit firms are really billing £2-4k a day for this.
We didn’t run automated vuln scanners; the majority of the work was app-focused grey box testing. VA was only performed in the rare cases where we actually were testing against a live prod environment. Nearly all of our testing was done pre-production; quite often it would start pre-QA/UAT.