opensecurity.in

What It Is

OpenSecurity is an application security services firm based in Bangalore and Vancouver. Its core offerings include penetration testing, code review, security architecture review, threat modeling, security engineering, training, and security research. Its services cover Web applications, Web services, APIs, AWS/Azure/GCP cloud infrastructure, Serverless, Android/iOS mobile apps, and IoT software.

Core Capabilities and Protection Scope

Based on the available content, OpenSecurity is positioned more as an “expert services + security engineering” provider than a standardized SaaS protection product. Web assessments typically take 2-7 weeks and reference OWASP Web and SANS 25. Mobile assessments take 3-7 weeks and reference OWASP Mobile and MSTG. Cloud security assessments cover AWS, Google Cloud, and Azure, using OWASP and CIS Benchmark as references. Deliverables include a PDF report and retesting, which is an important closed-loop capability in penetration testing projects.

Deployment, Management, and Integration

Its delivery model is primarily project-based consulting and engineering support. The website states that it can help enterprises integrate AppSec tools into CI/CD, and can also provide security automation, scripting, and tool development using technology stacks such as Python, Golang, Lua, Node.js, .NET, JavaScript, and Java. In terms of management and alerting, the content does not indicate a continuous monitoring platform or real-time alerting capability. The focus is more on reports, retesting, priority support via email/Slack, and vulnerability remediation prioritization.

Pricing and Compliance

General penetration testing, code review, and security assessments require a custom quote, with no public per-project pricing disclosed. Pricing for MobSF Support Packages is clearer: Professional is USD 2999.99/year, Enterprise is USD 6999.99/year, and Training is USD 10999.99/year. All prices are in USD, tax-inclusive, but exclude withholding tax and transaction fees. On compliance, it can only be confirmed that its assessments reference OWASP, SANS 25, MSTG, and CIS Benchmark. Company-level certifications such as ISO 27001 or SOC 2 are not disclosed.

Pros, Cons, and Who It’s For

Its strengths are broad coverage across manual security assessment, source code review, cloud and mobile security, plus a background in open-source tools and MobSF support. It is well suited to engineering teams, security teams, and startups that need to build deeper AppSec capabilities. Limitations include insufficient public information on service SLAs, payment methods, project pricing, sample deliverables, and enterprise-grade compliance certifications. It is not a good fit for users who simply want an out-of-the-box WAF, EDR, or continuous monitoring platform.

Access from China and Alternatives

The source content does not specify access from mainland China, payment support, or local contract support, so access from China should be considered unknown. If Chinese-language delivery, local compliance, or RMB procurement is required, consider comparing it with domestic security service providers such as QiAnXin, NSFOCUS, DBAPPSecurity, and Chaitin Tech. For international red team and application security assessments, alternatives include NCC Group, Bishop Fox, Cobalt, and Synack.