Astra Ranks as a Leader in G2 Pentesting Companies

Technical Reviewer
Updated: July 15th, 2026
5 mins read
Astra Ranks as a Leader in G2 Penetration Testing Companies

TL;DR

  • Astra ranked as a Leader in G2 Pentesting Companies, backed by a 4.6/5 rating across 211 verified reviews
  • 72 badges across 19 Grid Reports this cycle, including strong review volume in DAST and API Security
  • As AI-first pentesting claims flood the market, this is third-party proof that our findings hold up

We are going to try something risky here: humility in a blog post about winning an award. 

Let us start by saying a badge DOES NOT change how Astra-nauts show up for work on a Monday, but when 211 people (as of July 10, 2026) take the time to log into G2 and talk about whether Astra Security holds up to its commitments, months after their engagement closed, we take a minute.

This quarter, that added up to a 4.6 out of 5 rating and 72 badges across 19 Grid Reports. Since 2018, Astra has run over 8,000+ pentests and reported 2M+ vulnerabilities across engagements in 70+ countries.

What it Actually Takes to Rank on G2

From the 72, the badge we keep circling back to is Leader in Penetration Testing tools, simply because earning it took more than a good quarter and a batch of kind reviews. 

For context, G2 requires a product to meet a minimum review threshold before it even qualifies for the Grid Report, which then ranks tools by badge, from Users Love Us to index and regional badges, with multiple vendors vying and building their way up to High performer and Leaders.


Placement then runs on two axes:

  • Satisfaction, which is drawn from reviewer ratings, weighted by recency; and 
  • Market presence built from adoption and scale.

The other badges this cycle round out this picture, where Easiest Setup and Best Meets Requirements speak to onboarding and fit; Best Relationship and Easiest To Do Business With come from support and account experience scores; Best Results ties back to the same outcome data behind the Leader placement.

Astra ranks as a leader on G2 pentesting companies.

Who’s Actually Rating Us

Of the 200+ reviewers, 140 run small teams of 50 people or fewer, 60 sit at the mid-market scale, and 8 are enterprise. Most are hands-on: 83 identify as end-users, 77 as admins, and the rest split between executives and consultants, spanning computer software, IT services, financial services, and healthcare, with a concentration in Asia and North America.

Why should you care about these numbers? Simply because they help you understand whose words you’re relying on, which in Astra’s case are largely the people who log in and act on the findings themselves, running lean security operations where a bad pentest is a much bigger liability than at a company with a dedicated security team to catch what the vendor missed.

What did They Have to Say About Astra as a G2 Pentest Company?

Before we dive in, let’s take a quick look at what most reviewers flagged:

QualitiesMentions
Responsive support63
Comprehensive vulnerability management51
Ease of use50
Quick, efficient testing42
Thorough vulnerability identification37

While one or two may be discountable, all of the above, by the sheer velocity of mention, showcase the specific recurring themes, submitted months apart, by people who had no reason to coordinate their answers.

A founder building a compliance-first HR platform wrote that Astra’s team “understood the regulations and helped us fix what actually mattered,” crediting the engagement with helping win over enterprise buyers who now ask about security before signing.

A CTO at a small SaaS company described the process as feeling “less like an audit and more like guided collaboration,” built around validating real risk rather than triaging a long list of low-value flags on one’s own.

“What I liked most about Astra Pentest was the onboarding and support experience. The team was responsive, helpful, and made the entire process straightforward. Setup was quick and easy, and the platform provided strong controls for managing the full testing lifecycle. The centralized dashboard and visibility into findings made it easier to track progress, collaborate with stakeholders, and stay on top of remediation efforts. Overall, it offered a smooth user experience while giving us confidence in our security testing program.” 

Sivakumar S., CTO, Small-Business (50 or fewer emp.)

“The most helpful thing about using Astra Pen Test was that they actually caught legitimate vulnerabilities in our product through their manual pen tests at a competitive price point. In addition, having a dedicated rep that I could chat through Slack for asking questions or guiding us through how their platform works was especially helpful.”

Ryo C., Co-founder, Small-Business (50 or fewer emp.)

Anyone can run a scanner and hand over a list of findings. Getting hundreds of people to say those findings were worth acting on is the harder problem, and it’s the one we built OrbitX to solve: automated scans paired with manual validation, surfaced on a dashboard a CTO can read in five minutes instead of a 500-page PDF.

Astra Security's automated DAST tool + VAPT platform dashboard

The Same Bar Two New Categories

Astra Security shows up in 202 reviews tagged Penetration Testing, but the newer categories carry real weight on their own, with 97 tagging API security and 55 for DAST.

DAST reviewers keep citing the same common benefit: continuous scanning catching regressions between releases, rather than waiting for an annual audit. API Security reviews get specific fast.

A Gartner reviewer even praised the platform’s “traffic-driven discovery” of shadow and orphaned endpoints, the kind of blind spot engineering teams accumulate as they ship faster. 

Where This Points Next

Static and dynamic scanners, alongside manual pentests, have reliably found vulnerabilities for over two decades, but what earns a 4.6/5 rating from hundreds of individual customers is a layer above that: judgment about which findings represent exploitable, business-relevant risk right now, out of everything a scanner flags.

As AI speeds up how quickly code ships and how quickly attackers can probe it, that is what every autonomous pentesting claim in the market will eventually be tested on. Astra’s own autonomous pentesting runs on those same layers of judgment, built on insights from real-life pentests these 211 reviewers just confirmed hold up in practice. 

Ribbon graphics fade. A quarter’s worth of people choosing to vouch for the work in public doesn’t, and that’s the bar we want the next badge to clear too.