Two Swedish pentest providers, two different delivery models. Here is when to pick which.
Sentor (now part of Tietoevry) is one of Sweden’s oldest and largest pentest firms, established 1998, hundreds of engagements delivered, senior consultants with documented industry track record. Best for large companies with mature security organisations that want week-long deep engagements and clear audit documentation.
Pentesting.se (Adminor AB) is a hybrid pentest platform, daily automated scanning with 30+ tools + optional manual artisanal pentest. Best for mid-sized companies that want continuous coverage + annual manual verification at lower cost than enterprise consultancy firms.
Both are legitimate choices. We do not compete directly. Sentor on enterprise red team / IR-related pentest, us on continuous EASM + affordable manual pentest.
| Aspect | Sentor | Pentesting.se |
|---|---|---|
| Founded | 1998 | Adminor AB 1983, platform 2024 |
| Delivery model | Artisanal projects (1-4 weeks per engagement) | Platform + optional artisanal pentest |
| Pentest frequency | Per engagement (typically yearly) | Daily automated + manual on demand |
| Lowest price | ~80 000 SEK per engagement | 249 SEK/month (automated). Artisanal pentest project-based: single web app test from 15 000 SEK, larger engagements priced per scope |
| Compliance mapping | Adapted per engagement | Built-in: NIS2 / ISO 27001 / OWASP |
| Dashboard / continuous view | Report-based | Live dashboard 24/7 |
| Red Team | Yes, established enterprise practice, physical + social + technical | Yes. Claude-augmented for web/cloud/social, not physical or multi-month ops |
| OT/SCADA | Yes (OT practice) | External exposure yes, internal OT test no |
| Mobile app pentest (Android) | Yes | Yes. AI-augmented static analysis (jadx, apktool, secret-mining, API probing) |
| Mobile app pentest (iOS) | Yes | Limited. IPA reverse engineering possible, but dynamic instrumentation requires macOS rig |
| Dynamic instrumentation (Frida / Objection) | Yes | Not in standard delivery, can be added on demand |
| EASM (external attack surface management) | As part of engagement | Core product, daily |
| Data residency | Sweden (Tietoevry) | Sweden (Adminor AB, since 1983) |
| MCP / AI agent integration | No | Yes (Claude Code, Cursor, Windsurf) |
Pentesting.se is run by Alexander Norman, who worked at Sentor as a penetration tester 2007–2016. The security interest predates that, both professionally and privately: steganography, anti-intrusion work, defensive operational security in larger online environments against state and criminal actors, and other operational information security I worked on in my free time during the early 2000s. The Sentor years were an excellent professional phase and provided the consultancy discipline and documentation standard required for audit-ready work, but the underlying interest was there earlier.
The difference from what I do now: I no longer believe that only point-in-time yearly tests are sufficient. Vulnerabilities are published daily, the attack surface changes daily, and 360 days of exposure between tests is not reasonable in 2026. Pentesting.se is an attempt to add continuity without losing depth, automate what can be automated (CVE scanning, false-positive elimination, compliance mapping), keep what requires human creativity (business logic, attack chains, business context).
If you read this and you are a large organisation that actually needs Sentor’s depth, go there. We are not better at what they do best. But if you are one of the hundreds of Swedish mid-sized companies that cannot afford 80 000 SEK engagements every month but still has to meet NIS2, then Pentesting.se fits better.
Free security health check, no account, no credit card.