Punk Security


We’re on a mission to make the ideals of DevSecOps achievable and accessible to businesses of all sizes. DevSecOps is difficult to get right for even the largest businesses, but is completely out of reach for any business without dedicated application security professionals. We want to change that.

We are able to deliver a wide range of cyber security services, including traditional cyber security services and the more specialist DevSecOps consulting services.


Our Story

Punk Security is founded

Punk Security was founded in early 2021, and has grown year on year because of our unwavering commitment to our customers.

We started out doing this through our consulting and auditing services, and used our DevSecOps expertise to provide industry-leading code-assisted penetration testing.

We ran the first DevSecOps CTF

We ran our DevSecOps CTF for the first time, celebrating our birthday and introducing over 800 players to the concepts behind DevSecOps and the attacks it defends against.

We released dnsReaper

We released dnsReaper, our subdomain takeover detection tool and our most popular open-source project. It has thousands of supporters on GitHub, and now has a completely free-to-use web version.

Opened our office in C4DI

We opened our first office in Northallerton, whilst remaining a remote-first organisation with employees across the UK.

Launched Gamified learning

It was not long until we launched our gamified DevSecOps training services, built upon the community outreach projects we’d developed.

By late 2023, we had worked with countries across the globe to deliver developer security awareness training.

Launched our partner program

Our partner program launched, allowing our partners to offer CREST-accredited penetration testing to their customers.

We’ve really thought about what the program needs to do to support our customers and our partners, and we’ve worked hard to build a program that works for everyone. The result is free retesting, unparalleled customer satisfaction, and unlimited pre-sales support to guarantee the best fit.

Fully-Managed DevSecOps

Our managed DevSecOps service launched in late 2024 and provides the first truly turn-key, human-centric DevSecOps product. Our platform monitors and analyses all code changes, whilst our experts monitor and manage the results for you.

This product, built upon our expertise and research, allows us to bring the benefit of DevSecOps to businesses with as few as 5 or 6 developers.

Moved our HQ to Evolution

We outgrew our first office and moved to Evolution in Northallerton, providing room for our continued growth and additional offices for further expansion.

About Us

We’re a DevSecOps company

We build security into automated pipelines

Today’s application developers rely heavily on automation to rapidly implement fixes and features through delivery pipelines.

We enable our customers to build security gates into these pipelines, driving down risk at every step.

We understand the threat

We are experienced penetration testers and vulnerability researchers, so we know a false positive from a real vulnerability.

We’re a security company

Traditional security services

We offer the full range of traditional InfoSec services including security assurance, architecture reviews and vCISO.

Penetration testing and auditing

We perform full infrastructure and web application penetration testing, in both cloud and on-premise environments.

We’re a DevOps company

Any Cloud

We work with all major cloud platforms, allowing us to audit environments and build secure automation no matter which flavour you use.

Any Tool

We don’t just resell one vendor. We use the right tools to suit each client, and we always ensure we build the simplest and most robust configuration.

We automate

We work with the leading automation orchestrators to eliminate repetitive tasks and promote robust processes.

We care

Open source developers

We contribute to existing open-source products and maintain two of our own. Check out pwnSpoof and SMBeagle.

Community speakers

We regularly talk at major conferences such as DTX, @Hack and Black Hat.

CTF contributors

We directly support CTF competitions like BSIDES to help inspire and train the next generation.

We also run our own annual DevSecOps CTF to upskill the next generation.