Pentesting Providers
Cure53 logo

Cure53

Berlin-based specialists in web security, browser security, and cryptographic auditing, trusted by the world's leading VPN providers and privacy tools.

Headquarters
Berlin, Germany
Founded
2013
Team Size
11-50
Geography
Global
Markets
Europe, Global
Last verified: Feb 2026
Review Cure53Write a Review

About

Cure53 is a highly specialized cybersecurity auditing firm based in Berlin, Germany, renowned for their expertise in web security, browser security, and cryptographic protocol review. Founded in 2013 by Dr. Mario Heiderich, the firm has built an exceptional reputation through hundreds of published audit reports for some of the world's most prominent open-source projects and technology companies.

Cure53 is the go-to auditor for VPN providers, password managers, messaging applications, and browser extensions, with their public audit reports becoming a mark of credibility in the privacy and security tool market. The company's expertise extends deep into DOM security, XSS prevention, Content Security Policy, and other web-specific attack vectors that many generalist penetration testing firms lack the depth to properly assess.

Cure53 has audited notable projects including ExpressVPN, NordVPN, 1Password, Bitwarden, Wire messenger, and numerous other privacy-focused tools. Their team combines academic research with practical exploitation skills, and several team members are recognized experts in browser security and web standards. While relatively small compared to large consultancies, Cure53's focused expertise and published track record make them the premium choice for web application and cryptographic security audits.

Services

Web Application Penetration TestingAPI Penetration TestingSource Code ReviewConfiguration ReviewMobile App Penetration Testing

Accreditations

OSCP Employer

Compliance Expertise

GDPRISO 27001

Best For

EnterpriseStartup
Industries
TechnologyTelecommunications

Methodologies

OWASPPTES

Team Activity

Speaker: AppSec EU
Speaker: LocoMocoSec
Speaker: RuhrSec
Open source: DOMPurify
Open source: HTTPLeaks

Compare With

Reviews

Be the first to share your experience with Cure53.

Be the first to review Cure53
Is this your company? Claim this profile

Related Providers

Aardwolf Security logo

Aardwolf Security

Boutique UK penetration testing consultancy in Milton Keynes specialising in manual, expert-led security assessments across web applications, APIs, cloud, and mobile platforms.

Milton Keynes, United KingdomContact for pricing
Web ApplicationNetworkMobile App+7
CRESTOSCP EmployerCyber Essentials
Verified Feb 2026
ProfileCompare
Editor's Top PickTop UK ProviderElite Red TeamCREST CertifiedResearch-DrivenTrusted by Enterprise
SECFORCE logo

SECFORCE

Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements.

London, United KingdomContact for pricing
Web ApplicationNetworkMobile App+10
CRESTISO 27001Cyber Essentials
Verified Feb 2026
ProfileCompare
Best OverallElite TestersResearch Pioneers
Bishop Fox logo

Bishop Fox

Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform.

Tempe, Arizona, United StatesContact for pricing
Web ApplicationNetworkMobile App+8
SOC 2OSCP Employer
Verified Feb 2026
ProfileCompare
Trail of Bits logo

Trail of Bits

Elite security research firm specializing in source code review, blockchain auditing, and building industry-standard open-source security tools.

New York, New York, United StatesContact for pricing
Source Code ReviewWeb ApplicationAPI+3
OSCP Employer
Verified Feb 2026
ProfileCompare