nullforge.net

What It Is

Nullforge Security Inc. is a cybersecurity company headquartered in Muntinlupa City, Philippines, serving clients in the Philippines, APAC, and remotely. Its core offering is not a single security software product, but a consulting and platform-delivered portfolio covering VAPT, red teaming and IoT testing, dark web scanning, threat intelligence, incident response, and security awareness training. The official website emphasizes services for government, finance, telecom, enterprise, and other sectors, and states that the company is a DICT-recognized cybersecurity assessment service provider with ISO 9001 and ISO 27001 certifications.

Core Capabilities and Deployment

In terms of protection focus, Nullforge leans toward offensive security assessment and threat insight. Its VAPT services cover web applications, authentication and access control, data exposure, business logic, APIs, network infrastructure, mobile applications, and more. Red team services include social engineering, phishing, physical access, wireless testing, and extend to IoT device analysis involving firmware, wireless protocols, and hardware interfaces. Its dark web service is used to identify leaked credentials, corporate data, and underground market risks. The TIP threat intelligence platform aggregates data from open, closed, and proprietary sources, analyzes indicators of attack, attack vectors, and TTPs, and delivers actionable intelligence to detection, defense, and SOC teams.

Management, Alerts, and Integration

Nullforge Hive is one of its more differentiated components: customers can view findings in real time during penetration tests and vulnerability assessments instead of waiting for the final report. It supports vulnerability tracking, security collaboration, instant PDF report export after testing, and executive summaries. The website also claims that every report is validated by engineers to deliver “zero false positives.” On the integration side, it only explicitly mentions Hive’s connection with the vulnerability assessment workflow and TIP’s delivery of insights to SOC and defense teams. Details about APIs, SIEM/SOAR, ticketing systems, or alerting channels are not disclosed, so its automation and operational integration capabilities should be confirmed during presales.

Pricing, Pros, and Cons

Pricing is quote-based. The website only says it provides fair quotations based on security needs and offers Inquire and Request demo entry points; it does not publish plans, starting prices, per-asset pricing, or project-based pricing details. Strengths include a broad service scope, a real-time visualization portal, an emphasis on engineer validation and delivery SLAs, plus DICT and ISO-related credentials. Weaknesses include low pricing transparency, limited disclosure of Hive/TIP technical architecture, data sources, integration interfaces, sample reports, and SLA terms, while some statistics on the dark web page show 0, making them difficult to use as proof of capability.

Best Fit and Access from China

Nullforge is better suited for mid-sized to large organizations with operations in the Philippines or APAC that need third-party security assessments, red team validation, IoT testing, or threat intelligence support—especially government, finance, telecom, and enterprise customers. The website does not provide information about accessibility from mainland China, and payment methods are not disclosed. If China-specific compliance, MLPS, cross-border data transfer, or on-site delivery is involved, it is advisable to confirm network accessibility, contracting entity, payment methods, and data processing boundaries in advance. Domestic alternatives in China may include QiAnXin, NSFOCUS, DBAPPSecurity, and Venustech; internationally, it can be compared with Mandiant, CrowdStrike, Rapid7, Tenable, and others.