Capture The Bug is a CREST-certified Penetration Testing as a Service (PTaaS) platform headquartered in Hamilton, Waikato, New Zealand. The company provides continuous security testing services aimed at SaaS companies, startups, and enterprises looking to maintain ongoing security posture beyond traditional annual VAPT (Vulnerability Assessment and Penetration Testing) cycles. The platform covers a range of penetration testing services, including: - Web application testing - Mobile application testing - Network infrastructure testing - API testing - AI penetration testing - Cloud security testing A core aspect of the platform is human-validated findings, where all discovered vulnerabilities are manually verified by pentesters to eliminate false positives. The platform generates compliance-mapped reports aligned to frameworks such as SOC 2, ISO 27001, GDPR, CIS, and HIPAA, making outputs suitable for audits, investors, and customers. Capture The Bug integrates with developer workflows by providing reproduction steps, risk context, and tickets compatible with GitHub and Jira, enabling remediation within existing development pipelines. The platform also holds a partnership with Vanta, a compliance automation platform. The company serves clients across multiple industries including banking and financial services, SaaS, healthcare, education, legal, e-commerce, and telecommunications, and scales its offering across startup, growing team, and enterprise segments. It operates across New Zealand, Australia, and the United States.