Mini penetration test: Fast. Transparent. Certified.

Our security experts, who regularly find and report security vulnerabilities in companies such as PayPal, Tesla and Amazon, will test a system of your choice - in just 1-2 days at a fixed price.

Our mini penetration test follows the same standards as a full penetration test - with the difference that we focus specifically on those complex functional areas in which the most dangerous security gaps are hidden in practice.

$1499 fixed price

Damian Strobel

Founder and CEO

"Our mini pentests are ideal for startups, SMEs and development teams who want to test the security of their web applications quickly and efficiently."

Your benefits

Fast & Efficient

Results within 1-2 working days after the pentest

A focused approach

Focus on the most important functions & attack vectors

Clear reporting

Findings, proof of concept and recommendation for action via e-mail (GPG)

Mini pentests are suitable for

Startups & SMEs

Development teams

DevOps Teams

Product Managers

Areas of application of a mini pentest

Web

API, websites, SaaS and CMS, web applications, e-commerce systems

Mobile Apps

Apple and Android applications, Progressive Web Apps (PWA)

Infrastructure

Web servers, database servers, firewalls, load balancers, VPN access, cloud infrastructure (AWS, Azure, GCP)

DevOps

Docker, Kubernetes, pipelines, continuous integration/deployment, infrastructure as code, version control systems

Mini pentest vs regular penetration test

Test duration
  • Mini Pentest: 1 business day
  • Regular Pentest: 5-15 business days

Focus
  • Mini Pentest: Critical vulnerabilities and high-risk functions of an application or a specific host
  • Regular Pentest: OWASP Top 10 and comprehensive security check of all functions and methods

Suitability
  • Mini Pentest: Quick assessment of IT security; check before software release; regular checks; validation of updates; quick security checks
  • Regular Pentest: Compliance; testing of complete application; checking all API routes; complex attack scenarios; sophisticated exploit attempts

Report
  • Mini Pentest: Simple report by e-mail
  • Regular Pentest: PDF report with management summary; handover via e-mail or in person

Encryption

Personal meeting
  • Mini Pentest: 30 minutes video call
  • Regular Pentest: 2x 60 minute video call or 1x 120 minutes on site

Time to report
  • Mini Pentest: Same day or 1-2 working days after test
  • Regular Pentest: Within 5 days after test

Cost
  • Mini Pentest: Fixed price of $1499
  • Regular Pentest: Price depends on scope, test duration and complexity

Retest
  • Mini Pentest: Yes (Basic)
  • Regular Pentest: Yes (Extensive)

Test focus of a mini pentest

Critical issues

CVSS 7.0 - 10.0
  • Authentication bypasses
  • Injections (SQL, RCE, ...)
  • Data Exposures/PII Leaks
  • Access control problems

High-risk functions

Business critical functions
  • File processing
  • Payment processes
  • User management
  • Interactions with external services

Proof of Concept

PoC||GTFO Methodology
  • Detailed steps for reproduction
  • Impact details in the context of the scope
  • Verification of the fix/patch
  • Examples of secure implementation

FAQ

How does a mini pentest differ from a normal pentest?

The mini pentest is a targeted one-day test that focuses on critical security aspects. It is perfect for regular checks and quick validations, while full pentests are more comprehensive.

How should I prepare for a mini pentest?

In the best case, a test environment is available that has been loaded with demo data and can be tested safely.

How long does it take before the test can take place?

For short tests, we are usually very flexible and can find an appointment within a few days.

We need a management summary, is this possible?

Yes, this can also be added to the report - but there is an extra cost.

Why is it so affordable?

In the mini pentest, we dispense with “pretty” PDF reports and concentrate on the most important functions and points of attack from an attacker's perspective. The focus is on vulnerabilities with a high and critical level of severity. The time required is also limited to 8 hours. Many vulnerabilities can be found and documented in this time. This gives the customer a good insight into the IT security of their product at a relatively low cost and allows them to decide how they want to proceed.

Is the mini pentest a black box pentest?

As a rule of thumb, yes - but since time is limited, it makes sense to provide the tester with documentation, for example. This makes the test more of a gray box pentest. However, we are generally flexible here.

Can the test time be doubled?

Yes, let's talk!

Does the mini pentest also include automated scans?

Yes. A mini pentest is usually a manual test carried out by an IT security expert. However, depending on the case, the tester also runs automated tools to find vulnerabilities. The customer also receives documentation on this.

We have special requirements, but only a very limited budget. Is the mini pentest something for us?

Let's talk and see if we can come together - there's usually a solution for everything.