Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
Katana Security is an offensive cybersecurity services team based in Córdoba, Argentina. It positions itself as a professional services provider that helps companies identify and remediate application and network risks. Its services cover Web applications, APIs, Android mobile apps, internal and external networks, LLM/MCP security assessments, and enterprise attack surface monitoring, making it suitable for organizations that need authorized penetration testing and vulnerability assessments.
In terms of protection approach, Katana is more focused on “assessment and validation” than on traditional firewall or endpoint protection products. Its Web and API testing is based on the OWASP Top 10, ASVS, and the OWASP Testing Guide; its mobile work focuses on Android and references the OWASP Mobile Top 10; and its network penetration testing follows OSSTMM. The site also explicitly mentions security assessments for LLMs and MCPs, indicating attention to AI system interfaces and emerging attack surfaces. The attack surface monitoring section emphasizes continuous oversight, exposed asset discovery, vulnerability analysis, and real-time risk analysis, but it does not specify the underlying platform, alerting channels, or automation capabilities.
The website does not disclose pricing, plans, billing models, delivery timelines, or payment methods, so buyers will need to request a quote by email or through a form before procurement. The delivery model appears to be primarily consultant-led professional services. Attack surface monitoring may be offered as an ongoing service, but it is unclear whether Katana provides a SaaS console, on-premises deployment, API integrations, or integrations with SIEM/ticketing systems. Compliance certifications, professional accreditations, and customer case studies are also not shown in the main content.
The advantages are that its service coverage is fairly comprehensive and it references widely used industry testing methodologies. Team information is transparent, and members appear to have backgrounds in application security and penetration testing. It also includes LLM/MCP security in its scope, which is useful for companies with AI application security needs. The downsides are the limited commercial information, making cost-effectiveness difficult to judge; the technical depth, alerting, and operational model of its attack surface monitoring are not clearly explained; and the visible team size appears limited, so its ability to deliver large-scale, multi-region, or high-concurrency projects should be verified further.
Katana is better suited to small and mid-sized businesses, startups, or overseas business teams that need targeted penetration testing, especially customers operating in Spanish-speaking environments. There is no textual basis for evaluating access from mainland China, network connectivity, or payment methods, so these remain unknown. If local compliance, Chinese-language delivery, and domestic payment options are required, it may be worth comparing with Chinese vendors such as Qi An Xin, NSFOCUS, DBAPPSecurity, and Venustech. For more international crowdsourced testing or high-end red teaming, alternatives include Bishop Fox, NCC Group, and Cobalt.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, katana.sh.
katana.sh is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Limited (proxy recommended).