Did you know ransomware perpetrators demanded about $850,000 per attack in 2020? That’s a lot of money, even for the largest enterprises.
Framework Security
The Best Penetration Testing Companies: Reviews & Comparison
Of course, there is no true “best penetration testing company”.
We could talk about the biggest firms that specialize in penetration testing, perhaps ranked by client volume, or about the firms with the best pen testing technology.
But these answers wouldn’t be helpful to you in finding the vendor that is best suited to help your firm meet its security and compliance goals.
Instead, what you’ll find below is a list of highly reputable penetration testing vendors from around the globe, at a range of prices and with varying specialties across networks, cloud environments, applications and more.
You can sort the list by price, search by location, or simply scroll to compare vendors. For further price guidance you can also download our free 2022 Penetration Test Pricing Guide.
The Best Penetration Testing Companies in the US
The United States has one of the largest and most mature security service and tool markets in the world. Navigating consulting vendors is no small task, as there are thousands of companies offering up services.
While it is possible to find equally skilled companies outside of the US, many companies (both in the US and internationally) place a high value on using a penetration testing company based in the US.
Below are four top performers from the US that should be considered.
NetSPI offers many services beyond security testing. However, this does not impact the quality of the testing services this vendor provides. NetSPI offers high-quality, technically deep penetration testing services across network, application, and cloud. A big benefit of using this company is that its testing methodology is extremely mature, and there is a large stable of ethical hackers that can be brought onto your engagement.
Bishop Fox may not be the largest firm on the list and may even be considered a boutique firm. However, they are included here because of the extremely technical staff they employ. Bishop Fox emphasizes hiring highly technical, detail-oriented penetration testers who are constantly researching new tools and attack techniques. This shows in the fact that they excel across cloud, application, and IoT penetration testing, while still being a leader in all other types of penetration testing.
Rapid7 has been providing penetration testing for quite some time and, along with Veracode, can be considered part of the old guard in this space. Rapid7 combines its expertise in penetration testing services with its own tools to enhance the capabilities of its service. If your company is looking for a name-brand testing company that can perform network or application penetration testing, it is hard to go wrong with Rapid7. Just like NetSPI, Rapid7 has many penetration testing resources, which enables a quick turnaround on testing after the contract is signed.
Veracode did not get its start in penetration testing services. This company may be better recognized for its SaaS application security tools, including SAST and DAST.
While the company has in many ways been a pioneer in the application security field, it has also excelled in penetration testing for many years. Veracode has a strong group of application-testing ethical hackers who can produce a high-quality report for your organization. While application testing may be their primary area of focus, Veracode’s testing services can deliver a quality test against networks as well.
The Best International Penetration Testing Companies
While many companies prefer to use US-based providers because of a perception of greater maturity, this does not always hold true. There are many great, highly technical penetration testing companies positioned across the world, many of them based in the EU and Asia Pacific.
Cobalt offers a somewhat unique model for consuming its services. This vendor could just as easily be placed in the budget category because of its purchasing model. However, being based in Germany and drawing on some of the best penetration testers from across the globe, Cobalt has been placed in the international category.
Cobalt offers penetration testing for networks, social engineering, applications, and cloud. Credits are purchased up front and then traded in for testing time (essentially 5 days of testing) against your project. This allows for a flexible approach: for example, using 2 credits for a 1-week test to get 2 testers, or adding more credits to the test to allocate more time. This flexibility is great for a company that is trying to spread a budget across multiple projects.
SEC-Consult is a consulting company based in Germany, Switzerland, Austria, and Asia Pacific. SEC-Consult first made its reputation as an IoT penetration testing company in the early years of IoT devices.
They have since built tools and a methodology that allow them to excel at testing devices from all manufacturing verticals, and have expanded their expertise into application and network penetration testing.
Unlike some of the other companies on this list, SEC-Consult has a strong lab and methodology that allows for both remote and onsite testing of IoT devices.
LGMS is a company based in Malaysia. This firm has some highly technical penetration testers on staff, but it is often overlooked because of the country it operates from.
They have worked successfully with regional governments for years to help secure their assets and networks, and they provide services to larger penetration testing firms from across the world. LGMS is extremely strong across many facets of penetration testing, but primarily application and network.
Due to their region, it may be possible to attain their services for lower fees than some of the other US or EU-based testing firms.
Best Boutique Penetration Testing Companies
What constitutes a boutique shop? It can be a firm that specializes in a specific type of testing or security service, or maybe a smaller regional company. By no means does a boutique shop mean that the organization is not capable of performing at the same level or outperforming some of the larger companies. Below are some of the very strong boutique shops.
Security PS is a small regional shop based in the Midwest. They have spent many years focused on application security while providing some services on the network security side. They have strong technical resources who can work closely with application security teams and application developers to secure both the infrastructure and the code of an application. While they may not be the largest, they are certainly worth the wait that a full backlog may entail.
BHIS is quickly becoming more recognized and may soon no longer be considered a boutique shop. While they offer services across security disciplines, they cut their teeth on red team exercises. Many conference talks, webinars, and training materials have been developed by the staff at BHIS, on topics including new exploits, bypassing security controls, and zero days.
BHIS will not come in as the cheapest, but they will provide a high-quality test with a great report. If you really want to test your security controls, BHIS is the company to consider.
Much like Security PS, Carve Systems was built in and operates in the application security space. Carve Systems provides penetration testing services, DevSecOps, and secure SDLC consulting. In fact, it is not uncommon for a penetration test to come with recommendations on how to improve code quality or development methodologies to prevent further issues. Carve Systems is located across the Midwest and Northeast with a strong portfolio of customers.
TrustedSec offers services across all the penetration testing types. However, where they really burst onto the scene is in physical security assessments and red team exercises.
The company has its roots in security intelligence and is constantly giving value back to the security industry through talks, whitepapers, and security bulletins. What really separates them from other companies is their ability to blend physical testing with their red team exercises. Not only will they get into your office or facility, but they will take over your network, and you may not even know they were there.
The Best Value Penetration Testing Companies
The final set of companies is made up of testing outfits that provide strong results at a good value. These companies deliver a quality report based on manual testing, not just a scan report.
Synack is much like Cobalt. They offer a valuable and highly customizable approach to your testing through a controlled crowdsourced testing service. Synack is known for testing networks, cloud, and applications with a near-continuous approach to testing. A flat fee for the testing removes any confusion about the cost of the services.
RedBot is a smaller testing company that lets you customize the approach to meet your requirements, which also allows you to adjust the effort to better fit your budget. What sets them apart is that they can test ICS/SCADA systems, as well as networks, applications, and cloud infrastructure. RedBot may not be widely known in the space, but they deliver alongside the best penetration testing companies on the market.
Much like RedBot, Rhino offers the ability to customize the approach to fit your budget. Rhino is known as an industry leader in cloud security testing. With their highly skilled penetration testers, Rhino has been leading the industry in producing security tools, exploits, and proofs of concept. While they may be strongest in cloud, they are just as competent in network and application penetration testing services.
Tips on Choosing Penetration Testing Companies
Picking a service provider can seem overwhelming. As touched on earlier in the article, there are many providers across the world, with the US market having the highest concentration.
With that in mind, use the following tips to help pick the right vendor regardless of price (within the budget you have, of course).
Publications: A great way to gauge the technical skill set of an organization is to look at the publications, whitepapers, blogs, and technical presentations that its staff have produced. While this is not always a reliable indicator, it is a great way to assess the depth of knowledge and the skill sets that are available.
If the vendor is releasing exploit proofs of concept or discussing how to evade security controls, it is highly likely that they also have internal tools that will help deliver a high-quality test.
Example Reports: When talking to a vendor, ask for example reports. In some cases, you may even be able to ask for a scrubbed deliverable from a real engagement as an example. This will give you insight into how the findings are written, what types of vulnerabilities they have found, and the report writer’s attention to detail.
A sample report is a great way to get a glimpse of the end product you may receive.
Expertise: This last tip may seem obvious, but it is critical. Focus on firms that are known to be experts in the type of testing you want. It does not make sense to contract with a technically strong firm if, for example, they have limited experience in IoT and that is what you need tested.
To help determine this, ask the vendor how many tests of that type they perform compared to other test types. You can also ask peers in the industry who they have used, to help find a firm with a strong reputation in that type of testing.
Lastly, for detailed price comparisons between vendors and further advice on picking a penetration testing firm, see our Penetration Test Pricing Guide.