Find a pentest company offering Attack Surface Management
60 companies offer this service
Bishop Fox
Bishop Fox is a private cybersecurity firm specializing in offensive security, including continuous penetration testing, red teaming, and attack surface management; 235 employees, founded in 2005, headquartered in Tempe, Arizona; $75M annual revenue, $197.1M total funding, Series B in 2022-11-15; recognized leader in pentesting and security assessments.
Synack
Cybersecurity company based in Redwood City, California; provides AI-enhanced penetration testing services using on-demand researchers and automated agents to deliver continuous security testing at scale.
Prancer
Prancer is a private cybersecurity company specializing in AI-native autonomous continuous security validation and penetration testing platforms; based in San Diego, California, with 4 employees, founded in 2020, and approximately $1.5M in funding. The company offers quick, affordable cloud security and pentesting solutions designed for DevSecOps teams, supporting automated security assessments and collaboration.
Tac Security
Cybersecurity firm specializing in risk-based vulnerability management and cyber risk quantification; offers advanced vulnerability detection, penetration testing, and attack surface management. Headquartered in San Francisco, CA; provides CREST-registered penetration testing and continuous attack surface testing.
Beazley Security
Cybersecurity company specializing in cyber risk management, penetration testing, and incident response; 127 employees (+32.8% YoY growth), $4.1M annual revenue, founded 2016, headquartered in West Hartford, Connecticut. Offers comprehensive penetration testing, digital forensics, breach response, and regulatory compliance services, with a focus on enhancing client cyber resilience.
Syn Cubes
Cybersecurity company specializing in Penetration Testing as a Service (PTaaS); offers web, API, IoT, mobile, infrastructure, and cloud pentesting; founded in 2020, with $6.3M revenue, 2 employees; based in Claymont, Delaware.
Trickest, Inc.
Cybersecurity company specializing in offensive security and penetration testing; offers an automated platform that replaces manual pentest tasks, supports attack surface management, and vulnerability scanning; founded in 2020, 9 employees, $1M revenue, $5.3M funding; headquartered in Dover, Delaware, United States.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
ThreatMate
Cybersecurity company providing attack surface management, vulnerability scanning, and automated pentesting services for MSPs; headquartered in Dover, Delaware, with multiple credible sources confirming its location in Delaware, United States.
Netstream Technology Inc.
Cybersecurity company specializing in penetration testing and attack surface management; headquartered in Newark, Delaware, with a focus on enterprise IT support and infrastructure management. Provides 24/7 cybersecurity services, including security testing and attack surface analysis.
Raxis
IT services and consulting company specializing in penetration testing, ethical hacking, and security assessments; 18 employees with 15% YoY growth; $4.5M annual revenue; founded in 2011; headquartered in Atlanta, Georgia; listed as a sample vendor for Penetration Testing as a Service in Gartner reports.
risk3sixty
risk3sixty is a private business consulting and services firm specializing in security, privacy, and compliance programs; offers penetration testing services as confirmed by its dedicated webpage; headquartered in Atlanta, Georgia, with 45 employees and a -13.3% YoY growth rate.
SixMap
Cybersecurity firm specializing in penetration testing and attack surface management; based in Columbia, Maryland, United States; provides proactive pentest solutions and asset exploitability validation.
Rapid7
Cybersecurity company specializing in attack surface management, vulnerability management, penetration testing, and security programs; 2,068 employees, $858.7M annual revenue, $2.5B market cap, founded in Boston, MA; offers penetration testing services to identify and remediate security weaknesses.
Randori, an IBM Company
Cybersecurity company specializing in attack surface management, offensive security, and penetration testing; 14 employees with -48.8% YoY growth, $8.4M annual revenue, founded 2018 in Waltham, MA; $29.8M total funding, Series A in 2020; offers attack platform for red teaming and adversary simulation.
Advertise on pentest.fyi
You could be here!
FireCompass
Cybersecurity company specializing in automated recon, pen testing, red teaming, and attack surface management; 65 employees, $2.8M annual revenue, founded 2019 in Boston, MA; offers SaaS platform for continuous attack surface monitoring and autonomous penetration testing; $7M funding, recent innovations include AI-driven ethical hacking.
IT Audit Labs
IT Audit Labs is a private IT services and consulting company specializing in data security and cybersecurity assessments, including penetration testing; founded in 2019, based in Saint Paul, Minnesota, with 8 employees and 6.3% annual growth. The firm offers security risk and compliance evaluations, threat assessments, and security controls, leveraging a network of specialists to serve government and professional clients.
Red Team Village
Cybersecurity company specializing in penetration testing, offensive security, and security education; 12 employees with 40% YoY growth; founded in 1999; headquartered in Las Vegas, Nevada; offers workshops, CTF challenges, and DEFCON 33 program; provides virtual and onsite training, challenges, and labs for all skill levels.
Asymmetric Response
Asymmetric Response is a cybersecurity-focused business consulting and services firm based in Jersey City, New Jersey, with 2 employees since 2020. The company provides penetration testing, red teaming, application security, open source intelligence, and DevSecOps services, serving a global client base. Known for its security mindset philosophy, it actively engages in geopolitical cybersecurity strategies, evidenced by recent activity related to asymmetric responses to geopolitical threats.
Consortium
Cybersecurity-focused IT services and consulting company based in Cherry Hill, New Jersey; 49 employees (+30% YoY growth), $12M revenue; offers penetration testing, incident response, risk assessment, and policy development; recently acquired Metrics That Matter; active in cybersecurity testing and forums; ranked #5,779,985 globally and #166,6387 in country.
Securin Inc.
Securin Inc. is a cybersecurity firm headquartered in Albuquerque, New Mexico, founded in 2020, with 170 employees and $3.5M annual revenue. It offers a range of security services including penetration testing, red teaming, vulnerability management, and attack surface management, serving hundreds of clients globally; 18,995 monthly website visits and ranked #1,657,710 worldwide.
BreachLock, Inc.
Cybersecurity company specializing in attack surface discovery, penetration testing, and red teaming; 88 employees with 3.4% YoY growth; founded in 2019; based in New York, NY; secured $3.1M in funding; CREST-accredited penetration testing provider; active in global security testing and vulnerability management.
Nopalcyber
Cybersecurity company based in New York, US, specializing in offensive and defensive security; provides penetration testing, vulnerability assessments, breach attack simulations, and attack surface management services.
4D Security
IT services and cybersecurity company specializing in penetration testing, governance, risk management, and operational technology; founded in 2023, 6 employees, +20% YoY growth, based in Oklahoma City, Oklahoma, USA. Provides comprehensive cybersecurity solutions including attack surface management and operational security.
Omega Systems
Omega Systems is a private IT services and consulting firm based in Reading, Pennsylvania, with 130 employees and $12M revenue; specializes in managed IT, cybersecurity, cloud, compliance, and penetration testing services; founded in 2002, recently acquired PEAKE Technology Partners, and recognized for growth and cybersecurity excellence.
Avertium
Avertium is a private cybersecurity firm founded in 2019, headquartered in Knoxville, Tennessee, with 116 employees and $74.4M annual revenue. They specialize in managed security services, including Microsoft security, MXDR, threat intelligence, attack surface monitoring, vulnerability management, and active penetration testing services such as red team, purple team, and social engineering. Recognized as a cyber fusion and MXDR leader, Avertium serves mid-market clients with comprehensive security and compliance solutions.
Synack Red Team
Cybersecurity company specializing in penetration testing services for web, mobile, and infrastructure; employs 724 staff with a global freelance security research team spanning 6 continents and over 80 countries; founded in 2013; headquartered in Austin, Texas, USA.
Praetorian
Cybersecurity company specializing in continuous threat exposure management, attack surface, vulnerability management, breach & attack simulation, red teaming, and threat intelligence; offers explicit penetration testing services including application and network pentests, PTaaS, and ongoing testing; based in Austin, Texas, with 98 employees, $25M revenue, founded 2010, $10M funding.
Strobes Security, Inc.
Cybersecurity company specializing in AI-driven Continuous Threat Exposure Management and penetration testing; 66 employees with 46% YoY growth; headquartered in Plano, Texas; founded 2019; $928.5K funding; active in vulnerability management, security automation, and penetration testing services; competes with RedSeal and OPSWAT.
PriorityZero
Cybersecurity company specializing in offensive security and penetration testing; founded 2021 in Sofia, Bulgaria; 2 employees with 100% YoY growth; offers ethical hacking, security audits, compliance, and system implementation services, with expertise in web, API, and network penetration tests.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Rapid7
Cybersecurity company with a Danish subsidiary (CVR 38855441, Copenhagen); offers comprehensive penetration testing services including network, web, IoT, social engineering, red team, and wireless testing, focusing on simulated attack scenarios to identify vulnerabilities.
Holm Security
Danish cybersecurity firm specializing in vulnerability management and automated penetration testing; operates as a subsidiary of Holm Security Sweden AB with offices in Herlev and Stockholm; provides pentest services integrated into its platform, supporting MSSP partnerships and real-world attack simulations.
Cyberross OU
Cyberross OU is an Estonia-based IT services and consulting company specializing in cybersecurity and information security management; provides penetration testing services through ethical hacking and systematic vulnerability assessments, with a team of 2 employees founded in 2020 in Tallinn, Estonia.
CybelAngel
Cybersecurity company specializing in external threat intelligence and attack surface management; headquartered in Paris, France; provides penetration testing and security evaluation services, including attack surface assessments and API security testing.
IDFix Securite
France-based IT services and consulting firm specializing in cybersecurity, compliance, and penetration testing; offers pentest, audits, and regulatory advisory for standards like ISO 27001, NIS2, and LPM; 2 employees, founded 2024, headquartered in Quint-Fonsegrives.
P1 Security
France-based cybersecurity firm specializing in mobile network security and penetration testing; headquartered in Paris with registration number RCS Paris 529778243; offers penetration testing, vulnerability assessments, and red team services, with expertise in telecom and mobile infrastructure security.
Stroople
France-based cybersecurity firm specializing in penetration testing (white, grey, black box); headquartered in Boulogne-Billancourt, Île-de-France, France, with SIREN registration 898925268; provides detailed technical reports and prioritized action plans for active security assessments.
Armada
France-based cybersecurity firm Armada - Exa offers managed infosec and cyberprotection services, including penetration testing, Red Teaming, Attack Surface Management, and Continuous Testing; holds CREST accreditation for penetration testing, demonstrating high technical standards and active security testing capabilities.
Neosec
Neosec is a private IT services and cybersecurity consulting company based in Mönchengladbach, Germany, with 4 employees and 25% YoY growth. It specializes in attack surface enumeration, vulnerability assessment, penetration testing, and AI/ML risk prediction, providing comprehensive security support to organizations.
Exploit Labs LLC
Cybersecurity company specializing in penetration testing, vulnerability assessments, and red teaming; based in Germany with a registered address in Eschborn and founded in 2022; provides cybersecurity services and training in the MENA and GCC regions; 1 employee, with active web and social media presence.
Edgescan
Cybersecurity company specializing in penetration testing, vulnerability management, and attack surface management; 72 employees, $10M revenue, founded 2011 in Dublin, Ireland; $13.6M funding; offers a unified platform for continuous security testing and PTaaS, with active market presence and recent security research publications.
CommSec Cyber Security
Irish cybersecurity company providing penetration testing, security assessments, and SOC as a service; 15 employees, founded 2013, headquartered in Blanchardstown, Dublin, Ireland; focuses on resilience, compliance, and risk reduction for organizations.
GuardYoo
GuardYoo is a cybersecurity firm specializing in automated data collection and analysis for cybercrime investigations; it provides penetration testing services as confirmed by press releases and partnerships, and is based in Cork, Ireland. Founded in 2018, it employs 2 people.
Holm Security
Cybersecurity company specializing in vulnerability management, attack surface management, and automated penetration testing; 54 employees (+6.7% YoY growth), $5M revenue, founded 2015 in Alvik, Sweden; $16.7M total funding, last round Nov 2022; offers services including penetration testing and cyber hygiene solutions.
Detectify
Detectify AB is a cybersecurity firm specializing in surface monitoring, vulnerability management, and attack surface protection; it provides automated penetration testing as a service (PTaaS) combining automated scans with human research. Founded in 2013 and headquartered in Stockholm, Sweden, it has 77 employees, $15.4M in annual revenue, and has raised $42M in funding. The company serves industries including consumer packaged goods, media & gaming, and public sector, with a global web presence of 51,498 monthly visits and a ranking of #577,807 worldwide.
Cynode
Cybersecurity company providing penetration testing and security assessment services; headquartered in Stockholm, Sweden; offers capability assessments, cyber maturity, and NIST assessments; founded with a focus on security posture measurement.
BXAR Inc.
Cybersecurity company specializing in offensive security and penetration testing; small team of 2 employees with 35+ years of combined expertise; based in Montreal, Canada; offers vulnerability assessment, social engineering, and security strategy services.
Realize Security
Cybersecurity company specializing in penetration testing and security assurance; CREST-approved and UKAS-accredited; 2 employees with +200% YoY growth; headquartered in London, UK.
Rootshell Security
Rootshell Security is a UK-based private IT & Services company specializing in vulnerability management and penetration testing; 35 employees with 1.9% YoY growth, founded in 2019, headquartered in Basingstoke, UK. It is a leading provider of Penetration Testing as a Service (PTaaS), combining innovative technology with seasoned professionals to deliver vendor-agnostic security solutions and continuous threat exposure management.
Jumpsec
UK cybersecurity firm Jumpsec Limited offers bespoke consultancy and CREST-certified penetration testing services, including application and threat-led pentests; based in London and Surrey, emphasizing technical excellence and expert-driven approaches.
Exploitr
UK-based cybersecurity firm specializing in penetration testing services; officially registered in Newport, Wales (Companies House 15939324); holds CREST Pathway Accreditation, confirming recognized credentials in pentest services.
UK Pen Testing – A LevelUp Networks service
Cybersecurity company specializing in penetration testing and security assessments; based in London, UK, with services including Penetration Testing as a Service, Web Application Penetration Testing, Red Team, Cloud Security, Phishing, Firewall Audits, and Ransomware Assessments; explicitly confirmed UK address in London.
ResilientX Security
Cybersecurity company specializing in penetration testing, attack surface management, and third-party risk solutions; provides active testing and simulated attack services with a focus on web, cloud, and network security; 10 employees; Founded 2022; London, UK.
VaultStrike
VaultStrike is a UK-based private cybersecurity firm specializing in real-time website protection, vulnerability assessment, penetration testing, and security monitoring. Founded in 2020 and experiencing 150% YoY growth with 4 employees, it offers advanced security products, training, and courses in web design, graphic design, video editing, and active directory security, positioning itself as a cybersecurity automation partner.
Data Connect Group
UK-based cybersecurity firm specializing in penetration testing; offers CREST-accredited services with a dedicated testing page and detailed FAQs; headquartered in Harrogate, West Yorkshire, with registered office in West Yorkshire.
Vulneri Segurança Digital
Cybersecurity company specializing in penetration testing and vulnerability management; founded in 2023, with 3 employees and 25% YoY growth; based in São Paulo, Brazil; offers security-focused cloud platform and services, emphasizing attacker-like vulnerability analysis and risk mitigation.
Leadcomm
Brazilian cybersecurity firm founded in 1991, specializing in digital security and penetration testing services; legally registered in São Paulo with CNPJ 01.549.227/0001-53; offers innovative solutions to enhance clients' security posture and maturity.
SecPro - Security Professionals
Information technology and services company specializing in cybersecurity, including penetration testing, ethical hacking, and vulnerability analysis; 8 employees with 12.5% YoY growth; founded in 2015; headquartered in Colombia. Recognized as a leader in information security solutions with a focus on supporting sustainable organizational development.
Crixo
Crixo is a Colombia-based cybersecurity firm founded in 2018, with 5 employees and +150% YoY growth. It specializes in vulnerability management, penetration testing, hacking simulation, and attack superstructure management, providing comprehensive cyber risk assessment and security testing services.
Rapid7
Cybersecurity company with regional Singapore presence via Rapid7 Singapore Pte. Ltd.; offers penetration testing services including network, web, social engineering, wireless, and red-team assessments.
Hacker Otodidak
Cybersecurity consulting and education company specializing in penetration testing services; offers professional web application penetration testing with documented deliverables; based in Batam, Indonesia with 22 employees and 15.8% YoY growth.