Adversarial expertise, built for Southeast Asia.
From Singapore origins in 2014 to a regional footprint across Singapore, Indonesia, and Thailand, Vantage Point Security Group is one of the largest independent CREST-accredited penetration testing firms in the region, securing enterprises, financial institutions, and critical sectors through offensive security.
Since February 2014
Regional team
SG · ID · TH
From Singapore origins to your regional SEA security partner.
Singapore HQ focused on banking and financial services.
Regional expansion into Jakarta.
Originally authored the global mobile testing standard.
Development of the proprietary delivery platform starts.
Regional expansion into Bangkok.
AI-augmented penetration testing service goes live.
Built by Experts. Trusted by Enterprise.
Vantage Point was founded in Singapore in February 2014 by Paul Craig and James Morgan, two practitioners who set out to build a penetration testing firm where consultant depth, standards rigour, and adversarial expertise come before headcount.
More than a decade on, that founding principle still shapes how we hire, how we deliver, and how we invest in the Velocity platform and Velocity AI.
We helped write the standards we test against.
Our roots are in application security. In 2018, Vantage Point originally authored the OWASP MASTG and MASVS, the global mobile application security testing and verification standards now used across the industry.
That standards-first DNA shapes every engagement. Our test cases map back to recognised frameworks, our reports trace findings to specific requirements, and our consultants stay close to the working groups that define how modern systems should be secured.
OWASP MASTG
Mobile Application Security Testing Guide, the global manual penetration testing methodology for mobile applications.
OWASP MASVS
Mobile Application Security Verification Standard, the requirements baseline for secure mobile applications.
Independently verified across regulatory, accreditation, and quality regimes.
CREST
Accredited to perform Penetration Testing services
CSRO
All regional offices are licensed by Singapore CSRO to perform Penetration Testing
ISO 27001:2022
ISO 27001 certified, with current certification documentation available upon request.
SOC 2
Annually attested and available on request
ASPI
Registered in Indonesia (Sek.ASPI/STT/065/X/2024)
A deliberately rigorous consultant pathway.
Every consultant meets a strict offensive-security baseline before being assigned to client work. The pathway is sequential, designed to ensure each consultant has the same depth and breadth of knowledge, and can deliver services at the highest calibre.
- 01 Technical interview
- 02 Non-technical interview
- 03 Signing
- 04 Background check
- 05 OSCP lab and certification
- 06 CREST CPSA
- 07 CREST CRT
- 08 Project assignment
Our consultants compete at the global frontier of offensive security.
The team actively participates in elite Capture The Flag competitions worldwide, sharpening practical skills against the best offensive security teams. CTF results demonstrate practical capability and continuous skill development.
| Year | CTF |
|---|---|
| SPIEF Cyberbattle 2024 | |
| Cyber Jawara CTF 2024 | |
| CyberSec Asia / Thai International Cyber Week 2026 | |
| Hack The Box Business CTF 2024 | |
| Slashroot 7.0 CTF 2023 | |
| DEF CON HTX Singapore 2026 | |
| NAHAMCON 2024 |
Work with a team that's built to find what others miss.
Speak to us today about how we can help you secure your assets.