OSSTMM Penetration Testing Providers

Open Source Security Testing Methodology Manual · Published by ISECOM

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics, developed and maintained by the Institute for Security and Open Methodologies (ISECOM). Unlike other testing frameworks that focus primarily on finding vulnerabilities, OSSTMM takes a scientific approach to security testing by measuring the actual attack surface and quantifying security through its Risk Assessment Values (RAV) scoring system.

OSSTMM version 3 defines five channels of security testing: Human Security, Physical Security, Wireless Communications, Telecommunications, and Data Networks. Each channel is tested with the same set of modules for its operational security (the porosity of the scope, counted as visibility, access, and trust), the controls in place, and the limitations found. The methodology's emphasis on measurable outcomes rather than subjective risk ratings makes it particularly valuable for organisations that need to demonstrate security improvements over time or compare security posture across different systems and environments.

OSSTMM's comprehensive scope, covering physical, human, and technical dimensions, makes it well-suited for organisations seeking a holistic security assessment rather than purely technical testing. The methodology is freely available under a Creative Commons licence, and its structured approach to quantifying security helps organisations move beyond checkbox compliance toward genuine security improvement.

Key Features

  • Five-channel security testing model
  • RAV quantitative scoring system
  • Covers human and physical security
  • Scientific measurement approach
  • Peer-reviewed methodology

Best For

  • Holistic security assessments
  • Quantitative security measurement
  • Physical security testing
  • Telecommunications security
  • Security posture benchmarking

Providers using OSSTMM (15)

Badges: Best UK Provider · Best for Enterprise · Research Leaders

NCC Group

Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.

Location: Manchester, United Kingdom · Pricing: Contact for pricing
Services: Web Application · Network · Mobile App (+13 more)
Accreditations: CREST · CHECK · CBEST (+5 more)
Verified Feb 2026
Badges: CREST Certified · Adversary Simulation

SECFORCE

Canary Wharf-based adversary simulation and CBEST-aligned penetration testing consultancy, delivering CREST-accredited offensive security to UK financial services and other organisations with the most demanding requirements.

Location: London, United Kingdom · Pricing: Contact for pricing
Services: Web Application · Network · Mobile App (+10 more)
Accreditations: CREST · ISO 27001 · Cyber Essentials
Verified Feb 2026
Badges: Top US Provider · FedRAMP 3PAO · PCI QSA · HITRUST Assessor · Enterprise Scale

GuidePoint Security

US-headquartered cybersecurity consultancy with 800+ employees, serving ~40% of the Fortune 500. FedRAMP 3PAO, PCI QSA, and HITRUST accreditations.

Location: Reston, United States · Pricing: Contact for pricing
Services: Web Application · Network · Mobile App (+12 more)
Accreditations: FedRAMP 3PAO · PCI QSA · SOC 2 (+1 more)
Badges: Best Overall · Elite Testers · Research Pioneers

Bishop Fox

Tempe, Arizona-headquartered offensive security firm and Black Hat / DEF CON regulars, makers of the Cosmos continuous attack surface management platform.

Location: Tempe, Arizona, United States · Pricing: Contact for pricing
Services: Web Application · Network · Mobile App (+8 more)
Accreditations: SOC 2 · OSCP Employer
Verified Feb 2026
Badges: Global Defence Player · ANSSI-Qualified · NATO-Cleared · FedRAMP 3PAO · TIBER-EU Specialist

Thales Cyber Solutions

Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.

Location: Paris, France · Pricing: Contact for pricing
Services: Web Application · Network · Cloud (+9 more)
Accreditations: CREST · FedRAMP 3PAO · ISO 27001 (+1 more)
Badges: Payment Security Leaders · PCI QSA · PCI PFI · German-Speaking Team

usd AG

Frankfurt-based European payment security specialist holding the full set of PCI credentials (QSA, PFI, ASV, P2PE). Manual-first penetration testing for fintechs, acquirers, and regulated enterprises.

Location: Frankfurt, Germany · Pricing: Contact for pricing
Services: Web Application · Network · Cloud (+6 more)
Accreditations: PCI QSA · PCI PFI · PCI ASV (+1 more)
Badges: Elite Red Team · Adversary Simulation Specialists · PTES Co-Authors · Research-Driven

Lares Consulting

Denver-based offensive security boutique with a community-first red team culture. Home of PTES co-authors and the Continuous Red Team retainer.

Location: Denver, United States · Pricing: Contact for pricing
Services: Web Application · Network · Cloud (+7 more)
Accreditations: OSCP Employer · SOC 2

SEC Consult

Vienna-headquartered Austrian cybersecurity consultancy with a prolific Vulnerability Lab research program and deep expertise in IoT and embedded systems security across the DACH region.

Location: Vienna, Austria · Pricing: Contact for pricing
Services: Web Application · Network · Mobile App (+7 more)
Accreditations: ISO 27001
Verified Feb 2026

IOActive

Boutique security consultancy specialising in IoT, SCADA/ICS, embedded systems, and hardware security research with world-renowned researchers.

Location: Seattle, Washington, United States · Pricing: Contact for pricing
Services: Web Application · Network · IoT (+7 more)
Accreditations: OSCP Employer
Verified Feb 2026

IT Governance

Established Ely-based compliance and cybersecurity consultancy offering CREST-approved penetration testing as part of a comprehensive governance, risk management, and compliance portfolio.

Location: Ely, United Kingdom · Pricing: Contact for pricing
Services: Web Application · Network · Vulnerability Assessment (+1 more)
Accreditations: CREST · ISO 27001 · PCI QSA (+1 more)
Verified Feb 2026
Badges: Top German Provider · BSI Experts · DACH Specialists · CRA-Ready

HiSolutions

Berlin-headquartered German cybersecurity consultancy with 30+ years of BSI IT-Grundschutz experience. Trusted by federal agencies, DAX corporations, and critical infrastructure operators.

Location: Berlin, Germany · Pricing: Contact for pricing
Services: Web Application · Network · Cloud (+8 more)
Accreditations: BSI Certified · ISO 27001 · ISO 9001

Offensive Security

Creators of OSCP, Kali Linux, and Exploit-DB, offering penetration testing services from the team that trains the world's ethical hackers.

Location: New York, New York, United States · Pricing: Contact for pricing
Services: Web Application · Network · Red Teaming (+5 more)
Accreditations: OSCP Employer
Verified Feb 2026

OSSTMM FAQs

What makes OSSTMM different from other methodologies?

OSSTMM uniquely focuses on measuring security quantitatively through its RAV scoring system, rather than simply finding vulnerabilities. It also covers physical and human security channels alongside technical testing.

Is OSSTMM free to use?

Yes, OSSTMM is available under a Creative Commons licence from ISECOM. The full methodology manual can be downloaded freely from their website.

What is the RAV score?

The Risk Assessment Value (RAV, written "rav" in the manual) is OSSTMM's quantitative score. It is calculated from three sets of counts taken during the test: the porosity of the scope (visibility, access, and trust), the controls that cover those interactive points, and the limitations found (vulnerabilities, weaknesses, concerns, exposures, and anomalies). The result is a single number in which 100 rav means the controls exactly balance the attack surface; lower values indicate an under-protected scope, higher values more controls than the attack surface requires. Because it is built from counts rather than from an analyst's judgement, it can be compared objectively across tests and over time.
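The counts that feed the rav, as the FAQ above and the channel description in the introduction describe them, can be tallied mechanically from test findings. The script below is an added example, not ISECOM's tooling and not code from any provider listed here: it applies OSSTMM 3's definitions of porosity (visibility + access + trust, per channel) and its five limitation classes to a constructed set of findings. The Target record layout, the sample hosts and the notes are assumptions made for the example; the script does not compute the rav itself, since the page does not reproduce that formula.

```python
"""Tally OSSTMM 3 porosity and limitation counts from test findings (added example)."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field

# The five OSSTMM 3 channels and five limitation classes, as named in the manual.
CHANNELS = ("Human Security", "Physical Security", "Wireless Communications",
            "Telecommunications", "Data Networks")
LIMITATION_CLASSES = ("vulnerability", "weakness", "concern", "exposure", "anomaly")


@dataclass
class Target:
    """One in-scope target. The field layout is an assumption for this example."""
    channel: str
    name: str
    responds: bool                                           # answered at least one probe
    access_points: list[str] = field(default_factory=list)  # interactive points, e.g. open services
    trusts: list[str] = field(default_factory=list)         # in-scope targets accepted without authentication
    limitations: list[tuple[str, str]] = field(default_factory=list)  # (OSSTMM class, tester's note)

    def __post_init__(self) -> None:
        # Reject records that do not use the manual's own vocabulary.
        if self.channel not in CHANNELS:
            raise ValueError(f"{self.name}: unknown OSSTMM channel {self.channel!r}")
        for cls, _note in self.limitations:
            if cls not in LIMITATION_CLASSES:
                raise ValueError(f"{self.name}: unknown limitation class {cls!r}")


def porosity(targets: list[Target]) -> dict[str, dict[str, int]]:
    """Per-channel Visibility, Access and Trust counts and their sum (porosity).

    Visibility: in-scope targets that responded to the tester.
    Access:     interactive points reachable on those targets.
    Trust:      unauthenticated interactions between in-scope targets.
    A target that never responds contributes nothing to any of the three.
    """
    out: dict[str, dict[str, int]] = {}
    for t in targets:
        ch = out.setdefault(t.channel, {"visibility": 0, "access": 0, "trust": 0})
        if not t.responds:
            continue
        ch["visibility"] += 1
        ch["access"] += len(t.access_points)
        ch["trust"] += len(t.trusts)
    for ch in out.values():
        ch["porosity"] = ch["visibility"] + ch["access"] + ch["trust"]
    return out


def limitations_by_class(targets: list[Target]) -> dict[str, int]:
    """Count findings per OSSTMM limitation class, always reporting all five."""
    counts = Counter({cls: 0 for cls in LIMITATION_CLASSES})
    for t in targets:
        for cls, _note in t.limitations:
            counts[cls] += 1
    return dict(counts)


def scope_summary(targets: list[Target]) -> dict:
    """Everything a rav calculation would start from, for the whole scope."""
    per_channel = porosity(targets)
    return {
        "channels": per_channel,
        "total_porosity": sum(ch["porosity"] for ch in per_channel.values()),
        "limitations": limitations_by_class(targets),
    }


# Constructed sample findings (not from any real engagement).
SAMPLE_TARGETS = [
    Target("Data Networks", "10.0.0.10", True, ["22/tcp ssh", "443/tcp https"],
           trusts=["10.0.0.11"],
           limitations=[("vulnerability", "outdated TLS stack"),
                        ("exposure", "server banner reveals software version")]),
    Target("Data Networks", "10.0.0.11", True, ["3306/tcp mysql"],
           limitations=[("weakness", "database accepts empty root password from trusted host")]),
    Target("Data Networks", "10.0.0.12", False),   # silent host: no porosity
    Target("Wireless Communications", "corp-wifi", True, ["WPA2-PSK association"],
           limitations=[("concern", "shared PSK with no rotation process"),
                        ("anomaly", "beacon from an unregistered SSID on the corporate channel")]),
]


if __name__ == "__main__":
    import json
    print(json.dumps(scope_summary(SAMPLE_TARGETS), indent=2))
```

The silent host 10.0.0.12 is the case worth noticing: it is in scope but adds nothing to porosity, because OSSTMM counts interactive points the tester could actually reach, not assets on an inventory list. Feeding these counts into the rav would require the manual's formula, which is available in the freely downloadable OSSTMM 3 document rather than on this page.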