Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Pentests.nl is a Dutch cybersecurity service provider whose core business is penetration testing. According to the website, its services cover Web applications, APIs, mobile apps, corporate networks and infrastructure, Azure/cloud environments, attack surfaces, and ransomware-related assessments. It also provides pentests for compliance scenarios such as DigiD, BIO, ISO 27001, PCI DSS, and NIS2.
Its testing approaches support blackbox, greybox, whitebox, and timebox models. The API penetration testing page provides relatively detailed information: tests are performed manually by ethical hackers, referencing PTES and the OWASP Top 10, combined with the testers’ own experience. Testing can be conducted for API communication methods such as XML, SOAP, and REST. Common findings include IDOR, excessive data returned by endpoints, missing or weak authentication, and undocumented but accessible API functionality. Mobile application testing is guided by the OWASP Mobile Security Testing Guide. Enterprise network testing focuses on internal and external networks, Active Directory, ransomware resilience, backup accessibility, and related issues.
The website does not provide a unified price list, but its API pentest service offers reference ranges: a smaller API from a blackbox perspective starts at €2,000; a complex API involving multiple user roles and source code review may start at €12,500. Final pricing requires an intake consultation to define the scope and provide a custom quote.
The advantages are its broad service coverage, spanning applications, networks, cloud, and compliance; its API testing methodology is disclosed in sufficient detail and emphasizes manual testing rather than simple scanning; testers are at least OSCP-certified; it also explicitly recommends testing in non-production environments first, showing attention to business continuity. The drawbacks are that no sample reports, SLAs, retesting arrangements, management platform, real-time alerting, or ticketing workflow details were found; aside from API testing, most service pricing is not transparent; company-level certifications and multilingual support are also not disclosed.
It is suitable for European, especially Dutch, organizations that need pre-launch security acceptance testing, in-depth API/mobile application testing, enterprise internal network and AD risk assessments, Azure environment security checks, or support for compliance requirements such as DigiD, ISO 27001, PCI DSS, and NIS2.
Based on the crawled text, it is not possible to determine its accessibility, access speed, or whether it is restricted in mainland China. The assessment is “unknown.”
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on pentests.nl official site.
pentests.nl is an Netherlands pentest (Pen Testing) provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Limited (proxy recommended). Click "Visit Official Site" to reach pentests.nl directly.