We hack, show what's broken, and deliver a fix-it list you can act on tomorrow.
Security.Rocks is an independent Dutch cybersecurity company. Founded by an experienced ethical hacker who saw too many theoretical reports gathering dust.
Why Security.Rocks?
After hundreds of pentests and SAP assessments for organizations ranging from startups to multinationals, we kept seeing the same pattern: thick reports full of jargon, but nobody actually acting on them. Theoretical advice that ended up in a drawer.
So we do things differently. We keep it simple: we hack your systems, show what's broken, and deliver an action list your team can pick up tomorrow. No jargon, no wild theories, just results.
We apply the same approach to awareness. No PowerPoints, but experiences. The Scam Phone, escape room debriefs, training where your developers hack things themselves. Everything we do is built on one belief: you only learn it when you feel it.
The team
We are experienced penetration testers with a Master's degree (MSc) in cybersecurity. Our team is 100% OSCP-certified and used to thinking in terms of risks that affect you.
At Security.Rocks, our mission is to make cybersecurity achievable and affordable for organizations of every size. With practical, cost-effective solutions, we show that essential security doesn't have to be complicated or expensive.
Wouter van der Houven
FOUNDER · MSC · OSCP“I enjoy thinking about which vulnerabilities truly matter for your business.”
10+
Years of experience
OSCP
100% certified
150+
Pentests performed
100+
VDP disclosures
Proven expertise
Most of our work is behind NDAs. These are the results we can share.
COVID-19 Corona Tracer App
During the Dutch government's 'appathon' for the Corona tracer app, we found such severe vulnerabilities that all prototypes were rejected. The ministry switched entirely to a new, more secure design.
King's Day Live
The platform hosting the Royal Family's livestream during lockdown. We built the threat model, defined strict mitigations, and tested the platform. Result: zero notable incidents.
SAP Security Researcher
During security research, we found a vulnerability in SAP's login functionality. After reporting, we were recognized as SAP Acknowledged Security Researcher.
VNG Hall of Fame
We found a vulnerability in an application of the municipality of Utrecht that could execute unwanted actions on behalf of users. After reporting, we were inducted into the Hall of Fame of the Association of Dutch Municipalities.