Resh is a cybersecurity services provider focused on offensive security. Its website states that it has more than 25 years of cybersecurity experience, with a service portfolio covering web, mobile, network, and API penetration testing, vulnerability management, cloud security assessments, and Red Team as a Service. It is positioned not as a standalone tool, but as a professional security assessment and attack simulation service delivered by a team of ethical hackers.
In terms of protection coverage, Resh spans traditional penetration testing, API security, and red team exercises. Its API testing emphasizes checks aligned with the OWASP API Security Top 10, including object-level authorization, authentication flaws, and excessive data exposure. It also analyzes business logic and complex call chains rather than relying solely on automated scanning. For authentication and access control, the site mentions validation of JWT, OAuth, and custom authentication mechanisms. Its red team service simulates real-world attackers, covering phishing, lateral movement, data exfiltration, and assessments of both personnel processes and the effectiveness of technical controls.
Deployment is primarily service-based, supported by Reshβs own online platform. Customers can use the platform to track tests, view security metrics, generate reports, and communicate with ethical hackers. Reports are available in Portuguese and English, and Resh claims they can support audit and cybersecurity due diligence requirements. The site also mentions EPSS exploit probability analysis, used to assess the likelihood that existing vulnerabilities may be exploited. However, there is no visible information about integrations with SIEM, ticketing systems, CI/CD pipelines, or cloud platforms, nor is automated alerting mentioned.
Pricing is not publicly disclosed and requires contacting sales. API penetration testing is described as available under annual contracts with periodic retesting, while red team services can be continuous or on-demand. This makes Resh look more like a customized project-based or annual service model. It is suitable for medium to large enterprises with complex APIs, cloud environments, compliance audits, M&A due diligence needs, or requirements to validate defensive capabilities.
Its strengths include broad service coverage, a relatively detailed API testing methodology, and an in-house platform with real-time reporting. Weaknesses include the lack of public information on pricing, compliance certifications, SLAs, customer case studies, and payment methods. Access from China is not disclosed on the site, so it should be considered unknown. During procurement, buyers should confirm cross-border access, contract payment arrangements, language support, and data export requirements. Domestic alternatives in China may include Qi An Xin, NSFOCUS, Venustech, DBAPPSecurity, and KnownSec.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on resh.com.br official site.
resh.com.br is an Brazil Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Limited (proxy recommended). Click "Visit Official Site" to reach resh.com.br directly.