Positive Security is an IT security consulting and research team based in Berlin. It is not positioned as a single security product, but rather as a research-driven offensive and defensive security service provider for enterprises. Its website emphasizes a “Holistic” approach: testing websites, corporate networks, IoT devices, and cloud infrastructure from an attacker’s perspective, while also contributing to security design, process automation, and the implementation of security features.
Its service coverage is broad. On the offensive side, it offers penetration testing for Web/API, mobile apps, native applications, networks, and cloud infrastructure (AWS, Azure, GCP, K8s), as well as red team exercises, device testing, and mobile network assurance for telecom environments from 2G to 5G. On the defensive side, it provides design reviews, security automation, vulnerability prioritization, remediation support, and implementation of features such as 2FA and encryption. For management and alerting, the website explicitly mentions SOC Optimization, using threat models to run attack simulations and improving monitoring capabilities through repeatable testing and KPIs. It can also consolidate, filter, and prioritize vulnerabilities and security alerts from multiple sources. In terms of deployment, this is closer to project-based consulting delivery than to a self-service SaaS product.
The website does not disclose pricing, packages, project timelines, SLAs, payment methods, or compliance certifications. Quotes must be requested via the contact form or by emailing [email protected]. Before procurement, buyers should clarify the scope, deliverables, retesting arrangements, confidentiality terms, vulnerability disclosure process, and whether the service can meet enterprise compliance audit requirements.
The main advantage is that the team’s background and blog research demonstrate strong technical depth, covering complex topics such as Auto-GPT sandbox escapes, issues in JavaScript tooling libraries, and remote control of energy systems. It also combines offensive and defensive security expertise with practical engineering implementation capabilities. The downside is that publicly available commercial information is limited, with no standardized pricing or clear certification details. For customers that need rapid onboarding, fixed packages, or local compliance credentials, the offering is not very transparent.
Positive Security is suitable for startups through large enterprises with complex systems, cloud-native environments, IoT or telecom scenarios, or organizations looking to run red team, purple team, and broader security improvement programs. Access from China is not covered in the source material, so it should be considered unknown. Payment options and Chinese-language local support are also not specified. If local delivery, MLPS compliance, or domestic compliance support is required, alternatives such as 奇安信, 绿盟科技, 安恒信息, 启明星辰, and 知道创宇 may also be worth evaluating.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site.
positive.security is a Germany-based cybersecurity provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable.