
Punk Security
We’re on a mission to make the ideals of DevSecOps achievable and accessible to businesses of all sizes. DevSecOps is difficult to get right for even the largest businesses, but is completely out of reach for any businesses without dedicated application security professionals. We want to change that.
We are able to deliver a wide range of cyber security services, including traditional cyber security services and the more specialist DevSecOps consulting services.
Our Story
Punk Security is founded
Punk Security was founded in early 2021, and has grown year on year because of our unwavering commitment to our customers.
We started out doing this through our consulting and auditing services, and used our DevSecOps expertise to provide industry-leading code-assisted penetration testing.
We ran the first DevSecOps CTF
We ran our DevSecOps CTF for the first time, celebrating our birthday and introducing over 800 players to the concepts behind DevSecOps and the attacks it defends against
We released dnsReaper
We released dnsReaper, which is our subdomain takeover detection tool and our most popular opensource project. With thousands of supporters on Github, and now with a completely free-to-use web version.
Opened our office in C4DI
We opened our first office in Northallerton, whilst remaining a remote-first organisation with employees across the UK.
Launched Gamified learning
It was not long until we launched our gamified DevSecOps training services, built upon the community outreach projects we’d developed.
By late 2023, we had worked with countries across the globe to deliver developer security awareness training.
Launched our partner program
Our partner program is launched, allowing our partners to offer CREST accredited penetration testing to their customers.
We’ve really thought about what the program needs to do to support our customers and our partners, and we’ve worked hard to build a program that works for everyone. The result is free retesting, unparalleled customer satisfaction, and unlimited pre-sales support to guarantee the best fit.
Fully-Managed DevSecOps
Our managed DevSecOps service launched in late 2024 and provides the first truly turn-key, human-centric DevSecOps product. Our platform monitors and analyses all code changes, whilst our experts monitor and manage the results for you.
This product, built upon our expertise and research, allows us to bring the benefit of DevSecOps to businesses with as few as 5 or 6 developers.
Moved our HQ to Evolution
We outgrew our first office and moved to Evolution in Northallerton, providing room for our continued growth and additional offices for further expansion.
About Us
We’re a DevSecOps company
We build security into automated pipelines
Today’s application developers rely heavily on automation to rapidly implement fixes and features through delivery pipelines.
We enable our customers to build security gates into these pipelines, driving down risk at every step.
We understand the threat
We are experienced penetration testers and vulnerability researchers so we know a false positive from a real vulnerability.
We’re a security company
Traditional security services
We offer the full range of traditional InfoSec services including security assurance, architecture reviews and vCISO.
Penetration testing and auditing
We perform full infrastructure and web application penetration testing, in both cloud and on-premise environments.
We’re a DevOps company
Any Cloud
We work with all major cloud platforms, allowing us to audit environments and build secure automation no matter which flavour you use.
Any Tool
We don’t just resell one vendor, we use the right tools to suit each client and we always ensure we build the simplest and most robust configuration.
We automate
We work with the leading automation orchestrators to eliminate repetitive tasks and promote robust processes.
We care
Community speakers
We regularly talk at major conferences such as DTX, @Hack and Blackhat
CTF contributors
We directly support CTF competitions like BSIDES to help inspire and train the next generation.
We aso run our own annual DevSecOps CTF to upskill the next generation