# Pentesting Providers > Find the right penetration testing company for your business The comprehensive directory of penetration testing providers. Compare pen testing companies by services, accreditations, compliance expertise, reviews, and more. Find CREST-certified, CHECK-approved, and OSCP-qualified pen testers. ## Key Facts - 84 penetration testing providers listed - 17 service categories - 19 compliance frameworks covered - Independent reviews and scoring ## Top Providers 1. SECFORCE (Score: 95) — Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements. 2. NCC Group (Score: 75) — Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services. 3. Nettitude (Score: 64) — CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure. 4. NetSPI (Score: 60) — Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks. 5. Pen Test Partners (Score: 60) — The UK's largest independent security testing firm, renowned for IoT/OT research, CBEST red teaming, and CHECK/CREST-accredited penetration testing across all sectors. 6. PwC Cyber Security (Score: 60) — Global Big Four professional services firm delivering CREST, CHECK, and CBEST-accredited penetration testing and red teaming services from London, serving the UK's largest enterprises and regulated organisations. 7. Dionach (Score: 60) — Global enterprise cybersecurity consultancy founded in 1999 in Oxford, holding rare CREST STAR-FS accreditation and delivering penetration testing, red and purple teaming, and PCI QSA services across five international offices. 8. MDSec (Score: 59) — Elite UK offensive security consultancy specialising in CBEST/STAR/TIBER red teaming, advanced adversary simulation, and CREST-accredited penetration testing for FTSE 100 clients. 9. Trustwave (Score: 57) — Global managed security provider with the elite SpiderLabs penetration testing team and deep PCI DSS compliance expertise. 10. Secarma (Score: 57) — Manchester-based independent cybersecurity consultancy with over 20 years of experience delivering CREST and CHECK-accredited penetration testing, red teaming, and compliance certification services. ## Services Covered - [Web Application Penetration Testing](https://pentestingproviders.com/services/web-application-penetration-testing) - [Network Penetration Testing](https://pentestingproviders.com/services/network-penetration-testing) - [Mobile App Penetration Testing](https://pentestingproviders.com/services/mobile-app-penetration-testing) - [IoT Penetration Testing](https://pentestingproviders.com/services/iot-penetration-testing) - [Cloud Penetration Testing](https://pentestingproviders.com/services/cloud-penetration-testing) - [API Penetration Testing](https://pentestingproviders.com/services/api-penetration-testing) - [Social Engineering](https://pentestingproviders.com/services/social-engineering) - [Red Teaming](https://pentestingproviders.com/services/red-teaming) - [Purple Teaming](https://pentestingproviders.com/services/purple-teaming) - [Physical Penetration Testing](https://pentestingproviders.com/services/physical-penetration-testing) - [Wireless Penetration Testing](https://pentestingproviders.com/services/wireless-penetration-testing) - [SCADA/ICS Penetration Testing](https://pentestingproviders.com/services/scada-ics-penetration-testing) - [Vulnerability Assessment](https://pentestingproviders.com/services/vulnerability-assessment) - [Source Code Review](https://pentestingproviders.com/services/source-code-review) - [Configuration Review](https://pentestingproviders.com/services/configuration-review) - [Assumed Breach Testing](https://pentestingproviders.com/services/assumed-breach-testing) - [AI & LLM Penetration Testing](https://pentestingproviders.com/services/ai-llm-penetration-testing) ## Compliance Frameworks - [ISO 27001 (ISO/IEC 27001 Information Security Management)](https://pentestingproviders.com/compliance/iso-27001) - [SOC 2 (SOC 2 Type II Service Organization Control)](https://pentestingproviders.com/compliance/soc-2) - [PCI DSS (Payment Card Industry Data Security Standard)](https://pentestingproviders.com/compliance/pci-dss) - [HIPAA (Health Insurance Portability and Accountability Act)](https://pentestingproviders.com/compliance/hipaa) - [GDPR (General Data Protection Regulation)](https://pentestingproviders.com/compliance/gdpr) - [NIS 2 (Network and Information Security Directive 2)](https://pentestingproviders.com/compliance/nis-2) - [DORA (Digital Operational Resilience Act)](https://pentestingproviders.com/compliance/dora) - [TISAX (Trusted Information Security Assessment Exchange)](https://pentestingproviders.com/compliance/tisax) - [FedRAMP (Federal Risk and Authorization Management Program)](https://pentestingproviders.com/compliance/fedramp) - [CMMC (Cybersecurity Maturity Model Certification)](https://pentestingproviders.com/compliance/cmmc) - [NIST CSF (NIST Cybersecurity Framework)](https://pentestingproviders.com/compliance/nist-csf) - [SOX (Sarbanes-Oxley Act)](https://pentestingproviders.com/compliance/sox) - [CCPA (California Consumer Privacy Act)](https://pentestingproviders.com/compliance/ccpa) - [Cyber Essentials (Cyber Essentials / Cyber Essentials Plus)](https://pentestingproviders.com/compliance/cyber-essentials) - [TIBER-EU (Threat Intelligence-Based Ethical Red Teaming (EU))](https://pentestingproviders.com/compliance/tiber-eu) - [POPIA (Protection of Personal Information Act (South Africa))](https://pentestingproviders.com/compliance/popia) - [PIPEDA (Personal Information Protection and Electronic Documents Act (Canada))](https://pentestingproviders.com/compliance/pipeda) - [NESA (National Electronic Security Authority (UAE))](https://pentestingproviders.com/compliance/nesa) - [Cyber Resilience Act (EU Cyber Resilience Act (Regulation (EU) 2024/2847))](https://pentestingproviders.com/compliance/cyber-resilience-act) ## Key Pages - [Homepage](https://pentestingproviders.com) - [Submit a Provider](https://pentestingproviders.com/submit-provider) - [Submit a Review](https://pentestingproviders.com/submit-review) - [Full Provider & Page Data](https://pentestingproviders.com/llms-full.txt)