OSSTMM Penetration Testing Providers

Open Source Security Testing Methodology Manual · Published by ISECOM

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics, developed and maintained by the Institute for Security and Open Methodologies (ISECOM). Unlike other testing frameworks that focus primarily on finding vulnerabilities, OSSTMM takes a scientific approach to security testing by measuring the actual attack surface and quantifying security through its Risk Assessment Values (RAV) scoring system.

OSSTMM version 3 defines five channels of security testing: Human Security, Physical Security, Wireless Communications, Telecommunications, and Data Networks. Each channel is tested for operational security, controls, and limitations using a consistent set of testing modules. The methodology's emphasis on measurable security outcomes rather than subjective risk ratings makes it particularly valuable for organisations that need to demonstrate security improvements over time or compare security posture across different systems and environments.

OSSTMM's comprehensive scope, covering physical, human, and technical dimensions, makes it well-suited for organisations seeking a holistic security assessment rather than purely technical testing. The methodology is freely available under a Creative Commons licence, and its structured approach to quantifying security helps organisations move beyond checkbox compliance toward genuine security improvement.

Key Features

  • Five-channel security testing model
  • RAV quantitative scoring system
  • Covers human and physical security
  • Scientific measurement approach
  • Peer-reviewed methodology

Best For

  • Holistic security assessments
  • Quantitative security measurement
  • Physical security testing
  • Telecommunications security
  • Security posture benchmarking

Providers using OSSTMM (16)

CREST Certified · Adversary Simulation

SECFORCE

Canary Wharf-based adversary simulation and CBEST-aligned penetration testing consultancy, delivering CREST-accredited offensive security to UK financial services and other organisations with the most demanding requirements.

London, United Kingdom · Premium
Services: Web Application, Network, Mobile App, +10
Accreditations: CREST, CBEST, ISO 27001, +2
Verified Jun 2026
Global Defence Player · ANSSI-Qualified

Thales Cyber Solutions

Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.

Paris, France · Enterprise
Services: Web Application, Network, Cloud, +9
Accreditations: CREST, FedRAMP 3PAO, ISO 27001, +1
Verified Apr 2026
Top US Provider · FedRAMP 3PAO

GuidePoint Security

US-headquartered cybersecurity consultancy with 800+ employees, serving ~40% of the Fortune 500. FedRAMP 3PAO, PCI QSA, and HITRUST accreditations.

Reston, United States · Enterprise
Services: Web Application, Network, Mobile App, +12
Accreditations: FedRAMP 3PAO, PCI QSA, SOC 2, +1
Verified Apr 2026
Best Overall · Elite Testers

Bishop Fox

Tempe, Arizona-headquartered offensive security firm and Black Hat / DEF CON regulars, makers of the Cosmos continuous attack surface management platform.

Tempe, Arizona, United States · Enterprise
Services: Web Application, Network, Mobile App, +8
Accreditations: SOC 2, OSCP Employer
Verified May 2026
Payment Security Leaders · PCI QSA

usd AG

Frankfurt-based European payment security specialist holding the full set of PCI credentials (QSA, PFI, ASV, P2PE). Manual-first penetration testing for fintechs, acquirers, and regulated enterprises.

Frankfurt, Germany · Premium
Services: Web Application, Network, Cloud, +6
Accreditations: PCI QSA, PCI PFI, PCI ASV, +1
Verified May 2026
Elite Red Team · Adversary Simulation Specialists

Lares Consulting

Denver-based offensive security boutique with a community-first red team culture. Home of PTES co-authors and the Continuous Red Team retainer.

Denver, United States · Premium
Services: Web Application, Network, Cloud, +7
Accreditations: OSCP Employer, SOC 2
Verified Apr 2026

SEC Consult

Vienna-headquartered Austrian cybersecurity consultancy with a prolific Vulnerability Lab research program and deep expertise in IoT and embedded systems security across the DACH region.

Vienna, Austria · Premium
Services: Web Application, Network, Mobile App, +7
Accreditations: ISO 27001
Verified May 2026

IT Governance

Established Ely-based compliance and cybersecurity consultancy offering CREST-approved penetration testing as part of a comprehensive governance, risk management, and compliance portfolio.

Ely, United Kingdom · Budget
Services: Web Application, Network, Vulnerability Assessment, +1
Accreditations: CREST, ISO 27001, PCI QSA, +1
Verified Mar 2026

IOActive

Boutique security consultancy specialising in IoT, SCADA/ICS, embedded systems, and hardware security research with world-renowned researchers.

Seattle, Washington, United States · Enterprise
Services: Web Application, Network, IoT, +7
Accreditations: OSCP Employer
Verified Apr 2026
Top German Provider · BSI Experts

HiSolutions

Berlin-headquartered German cybersecurity consultancy with 30+ years of BSI IT-Grundschutz experience. Trusted by federal agencies, DAX corporations, and critical infrastructure operators.

Berlin, Germany · Premium
Services: Web Application, Network, Cloud, +8
Accreditations: BSI Certified, ISO 27001, ISO 9001
Verified May 2026

Wizlynx Group

Swiss cybersecurity firm with major Singapore operation. CREST accredited, CSA-licensed in Singapore. Manual exploitation focus with the proprietary MAD reporting platform.

Zurich, Switzerland
Services: Web Application, Network, Mobile App, +5
Accreditations: CREST, ISO 27001
Verified Jun 2026

Offensive Security

Creators of OSCP, Kali Linux, and Exploit-DB, offering penetration testing services from the team that trains the world's ethical hackers.

New York, New York, United States · Premium
Services: Web Application, Network, Red Teaming, +5
Accreditations: OSCP Employer
Verified Apr 2026

OSSTMM FAQs

What makes OSSTMM different from other methodologies?

OSSTMM uniquely focuses on measuring security quantitatively through its RAV scoring system, rather than simply finding vulnerabilities. It also covers physical and human security channels alongside technical testing.

Is OSSTMM free to use?

Yes, OSSTMM is available under a Creative Commons licence from ISECOM. The full methodology manual can be downloaded freely from their website.

What is the RAV score?

The Risk Assessment Value (RAV) is OSSTMM's quantitative scoring system that measures the relationship between operational controls and the attack surface to produce a numerical security score, enabling objective comparison over time.
