
10 Hot Ethical Hacking Companies To Watch In 2023

Penetration testing is a skillset and a mindset

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Feb 15, 2023

“If you’re spending one dollar on cybersecurity and you’re not doing penetration testing, then you’re doing something terribly wrong,” says Seemant Sehgal, founder and CEO at BreachLock.

Why? “Because you don’t know if the defenses you’ve put in place are actually working,” adds Sehgal, an expert pen tester with more than 16 years of network security experience.

Penetration testing, also known as pentesting or ethical hacking, is the authorized simulation of cyberattacks on IoT devices, networks, software programs, users, and web applications, in order to evaluate the security of a system.

No matter how secure you might think a network is, you really don’t know until it’s been hacked. So you might as well call in the pentesting troops before the cybercriminals get to it.



Who’s a pentester?

“Hacking is not really a skillset, it’s a mindset,” says Sehgal. He offers up Kevin Mitnick, often referred to as the world’s most famous hacker, as a historical example, given that the practice of ethical intrusion dates to the phreakers of the 1970s.

While today’s pentester may have earned a technical certification such as the CEH (certified ethical hacker), they must also possess a knack for cat-and-mouse play and advanced social engineering skills.

“Cybersecurity can be a very crowded market,” notes Sehgal, and that definitely goes for pentesting. He describes three types of companies: technology-centric or automated vulnerability scanning; bug bounty or crowdsourced services; and boutique firms selling man-hours.

HOT PENTESTING COMPANIES

Who’s who in the penetration testing space? Here are 10 hot companies the editors at Cybercrime Magazine are watching in 2023, and you should too.

  • BreachLock, New York, N.Y. Discover comprehensive penetration testing services from BreachLock, the global leader in Pen Testing as a Service (PTaaS). Powered by Certified Hackers that combine AI and human expertise — we help you solve the problems of scalability and cost within an agile, DevOps ready SaaS platform.
  • Bugcrowd, San Francisco, Calif. The Bugcrowd Platform’s modern, highly configurable Pen Testing as a Service (PTaaS) suite delivers fast, high-impact results for both compliance and risk reduction. Launch pen tests against any target in days, see prioritized findings in real time, and flow them into your DevSec processes for fast remediation.
  • CrowdStrike, Sunnyvale, Calif. Penetration Testing Services simulate real-world attacks on different components of your IT environment to test the detection and response capabilities of your people, processes and technology and identify where vulnerabilities exist in your environment.
  • HackerOne, San Francisco, Calif. Penetration tests are often delivered with limited transparency into the testing process. Experience a creative, community-led approach that gives you more coverage, instant results, and seamless remediation workflows — all in one platform.
  • ImmuniWeb, Geneva, Switzerland. ImmuniWeb® On-Demand leverages our award-winning Machine Learning technology to accelerate and enhance web penetration testing. Every pentest is easily customizable and provided with a zero false-positives SLA. Unlimited patch verifications and 24/7 access to our security analysts are included in every project.
  • Mitnick Security, Stop making cybersecurity decisions based on hypotheticals and case studies analyzing other companies. Hire the best of the best to perform the ultimate security assessment and penetration testing. Kevin Mitnick and The Global Ghost Team craft customized attacks and are fluent in the modalities to perform all types of penetration tests.
  • Offensive Security, New York, N.Y. Offensive Security offers penetration testing services on a low volume basis, with an average of only 10 clients per year. Their assessments have a two-week minimum engagement length, with the average engagement being four weeks long. Unlike other companies that focus on assembly line assessments, they take a unique approach.
  • Pentera, Petah Tikva, Israel. Evaluate your security readiness with the Pentera Automated Security Validation Platform to know your real security risk at any given moment. Test all cybersecurity layers across your attack surface — inside and out — by safely emulating attacks and prioritize patching with a risk-based remediation roadmap.
  • Raxis, Atlanta, Ga. Raxis PTaaS gives you fast turnaround times while maintaining quality. Their pentesting team will monitor your attack surface at all times, providing you with near real-time deep targeted insights into potential exploits. With Raxis PTaaS, you’ll be able to more efficiently eliminate emerging threats that specifically affect your organization.
  • Synack, Redwood City, Calif. Synack, one of the world’s largest pentesting providers, finds exploitable vulnerabilities faster than traditional pentesting with our community of ethical security researchers paired with smart technology. Synack offers an on-demand security testing platform, enabling continuous pentesting on web and mobile applications, networks, APIs, and cloud assets.

Cybercrime Magazine will be expanding our coverage of ethical hacking and this list in 2024.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.



Sponsored by BreachLock
