# Pentesting Providers > Find the right penetration testing company for your business The comprehensive directory of penetration testing providers. Compare pen testing companies by services, accreditations, compliance expertise, reviews, and more. Find CREST-certified, CHECK-approved, and OSCP-qualified pen testers. ## Key Facts - 31 penetration testing providers listed - 16 service categories - 14 compliance frameworks covered - Independent reviews and scoring ## Top Providers 1. SECFORCE (Score: 95) — Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements. 2. NCC Group (Score: 75) — Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services. 3. Nettitude (Score: 64) — CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure. 4. NetSPI (Score: 60) — Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks. 5. Trustwave (Score: 57) — Global managed security provider with the elite SpiderLabs penetration testing team and deep PCI DSS compliance expertise. 6. Bridewell (Score: 56) — Fast-growing CREST and CHECK-accredited UK cybersecurity consultancy with deep expertise in critical national infrastructure sectors. 7. Pentest People (Score: 55) — CREST and CHECK-accredited UK penetration testing firm with an innovative SecurePortal platform and transparent pricing for mid-market organizations. 8. Mandiant (Score: 53) — World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience. 9. Bishop Fox (Score: 50) — Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform. 10. Rapid7 (Score: 50) — Creators of Metasploit offering enterprise penetration testing integrated with their comprehensive vulnerability management and security operations platform. ## Services Covered - [Web Application Penetration Testing](https://www.pentestingproviders.com/services/web-application-penetration-testing) - [Network Penetration Testing](https://www.pentestingproviders.com/services/network-penetration-testing) - [Mobile App Penetration Testing](https://www.pentestingproviders.com/services/mobile-app-penetration-testing) - [IoT Penetration Testing](https://www.pentestingproviders.com/services/iot-penetration-testing) - [Cloud Penetration Testing](https://www.pentestingproviders.com/services/cloud-penetration-testing) - [API Penetration Testing](https://www.pentestingproviders.com/services/api-penetration-testing) - [Social Engineering](https://www.pentestingproviders.com/services/social-engineering) - [Red Teaming](https://www.pentestingproviders.com/services/red-teaming) - [Purple Teaming](https://www.pentestingproviders.com/services/purple-teaming) - [Physical Penetration Testing](https://www.pentestingproviders.com/services/physical-penetration-testing) - [Wireless Penetration Testing](https://www.pentestingproviders.com/services/wireless-penetration-testing) - [SCADA/ICS Penetration Testing](https://www.pentestingproviders.com/services/scada-ics-penetration-testing) - [Vulnerability Assessment](https://www.pentestingproviders.com/services/vulnerability-assessment) - [Source Code Review](https://www.pentestingproviders.com/services/source-code-review) - [Configuration Review](https://www.pentestingproviders.com/services/configuration-review) - [Assumed Breach Testing](https://www.pentestingproviders.com/services/assumed-breach-testing) ## Compliance Frameworks - [ISO 27001 (ISO/IEC 27001 Information Security Management)](https://www.pentestingproviders.com/compliance/iso-27001) - [SOC 2 (SOC 2 Type II Service Organization Control)](https://www.pentestingproviders.com/compliance/soc-2) - [PCI DSS (Payment Card Industry Data Security Standard)](https://www.pentestingproviders.com/compliance/pci-dss) - [HIPAA (Health Insurance Portability and Accountability Act)](https://www.pentestingproviders.com/compliance/hipaa) - [GDPR (General Data Protection Regulation)](https://www.pentestingproviders.com/compliance/gdpr) - [NIS 2 (Network and Information Security Directive 2)](https://www.pentestingproviders.com/compliance/nis-2) - [DORA (Digital Operational Resilience Act)](https://www.pentestingproviders.com/compliance/dora) - [TISAX (Trusted Information Security Assessment Exchange)](https://www.pentestingproviders.com/compliance/tisax) - [FedRAMP (Federal Risk and Authorization Management Program)](https://www.pentestingproviders.com/compliance/fedramp) - [CMMC (Cybersecurity Maturity Model Certification)](https://www.pentestingproviders.com/compliance/cmmc) - [NIST CSF (NIST Cybersecurity Framework)](https://www.pentestingproviders.com/compliance/nist-csf) - [SOX (Sarbanes-Oxley Act)](https://www.pentestingproviders.com/compliance/sox) - [CCPA (California Consumer Privacy Act)](https://www.pentestingproviders.com/compliance/ccpa) - [Cyber Essentials (Cyber Essentials / Cyber Essentials Plus)](https://www.pentestingproviders.com/compliance/cyber-essentials) ## Key Pages - [Homepage](https://www.pentestingproviders.com) - [Compare Providers](https://www.pentestingproviders.com/compare) - [Submit a Provider](https://www.pentestingproviders.com/submit-provider) - [Submit a Review](https://www.pentestingproviders.com/submit-review) - [Full Provider & Page Data](https://www.pentestingproviders.com/llms-full.txt)