Pentest.fyi

Pentest.fyi is your essential mobile-first directory for navigating the global penetration testing landscape. Designed with a clean, intuitive interface that works perfectly on any device, it connects organizations directly with over 7,599 vetted cybersecurity service providers. The platform is built for anyone responsible for strengthening their organization's security posture, from IT managers and CISOs in startups to procurement specialists in large enterprises. Its core value lies in transforming a traditionally complex and opaque vendor search into a simple, transparent, and data-driven process. Instead of relying on scattered web searches or unverified referrals, you can use powerful, granular filters to find a partner that matches your specific needs based on location, company size, technical certifications, and proven expertise like CVE publication. Each detailed company profile provides the critical information needed to make an informed, confident decision, saving you time and reducing risk in selecting the right cybersecurity ally.

Global Provider Database

Access a meticulously curated and constantly updated directory of 7,599 penetration testing companies from every corner of the world. This extensive database ensures you are not limited by geography and can find specialized expertise whether you need a local firm for on-site assessments or a global leader for complex, distributed infrastructure testing. The sheer scale provides unparalleled choice and comparison opportunities.

Advanced Filtering & Search

Quickly narrow down the perfect match with a sophisticated set of filters that work seamlessly on mobile and desktop. Search by geographic region, specific country or city, company size (from boutique firms to large corporations), and crucially, by over 70 professional certifications like OSCP, CREST, and ISO 27001. The unique "Publishes CVEs" filter helps identify firms with proven, offensive security research credentials.

Detailed Company Profiles

Move beyond basic contact details. Each listing serves as a comprehensive dossier, presenting essential data points including exact location, employee count, annual revenue trends, and a clear breakdown of specific service offerings like web app testing, cloud security audits, or compliance checks. This depth of information is designed for thorough evaluation and shortlisting during the vendor selection process.

User-Centric Mobile Design

The platform is engineered for a superior mobile experience, recognizing that research and procurement decisions often happen on-the-go. The clean, responsive layout ensures all features—from browsing listings to applying detailed filters—are easily accessible and fully functional on smartphones and tablets, putting critical cybersecurity vendor intelligence directly in your pocket.

Sourcing a Compliance-Specific Auditor

An organization needing a penetration test to satisfy PCI DSS, HIPAA, or SOC 2 compliance requirements can use the certification filters to instantly identify firms holding those specific accreditations. This ensures the selected vendor has the recognized expertise to perform the audit correctly and provide the necessary documentation for regulators and clients.

Finding a Local or Regional Expert

A business preferring a penetration testing partner with local knowledge, language proficiency, or the ability for on-site engagement can filter by country and city. This is ideal for testing physical security controls, conducting social engineering exercises, or ensuring data residency requirements are met during the assessment process.

Evaluating Boutique vs. Enterprise Firms

A project manager can compare providers by size to align with project scope and budget. Filter for "X-Small" or "Small" firms for a focused, potentially more agile assessment of a single web application. Conversely, filter for "Large" or "XL" providers when seeking a full-scale security program assessment for a multinational enterprise with complex needs.

Identifying Research-Oriented Testers

A tech company with a cutting-edge product wants testers who can find novel, deep vulnerabilities. By filtering for companies that "Publish CVEs," they can identify firms whose teams actively contribute to security research, indicating a higher level of skill in discovering and exploiting unique and complex security flaws.

How does Pentest.fyi ensure the accuracy of its listings?

The platform aggregates and verifies data from multiple public and professional sources to build its comprehensive directory. While it encourages companies to claim and update their own profiles for accuracy, it also employs cross-referencing techniques. Users are advised to perform their own due diligence, using the profile information as a powerful starting point for further research and direct inquiry with the service providers.

Is it free to use Pentest.fyi to search for companies?

Yes, searching, filtering, and browsing the extensive directory of penetration testing providers on Pentest.fyi is completely free for all users. The platform is designed as an open resource to simplify the vendor discovery process for the cybersecurity community. There are no subscription fees or charges to access the database and its powerful filtering tools.

What does the "Publishes CVEs" filter mean?

This filter identifies security firms whose employees have a documented history of discovering and responsibly disclosing critical software vulnerabilities by publishing Common Vulnerabilities and Exposures (CVE) records. Selecting "Yes" for this filter helps you find testers with proven offensive security research capabilities and deep technical expertise in vulnerability discovery, beyond standard checklist testing.

How can a company get listed or update its information on Pentest.fyi?

Penetration testing companies can submit their details for inclusion through the "Submit Company" link prominently featured on the platform. This process allows firms to ensure their profile is accurate, comprehensive, and visible to potential clients searching for their specific services, certifications, and geographic location.