Our security experts, who regularly find and report security vulnerabilities in companies such as PayPal, Tesla and Amazon, will test a system of your choice - in just 1-2 days at a fixed price.
Our mini penetration test follows the same standards as a full penetration test - with the difference that we focus specifically on those complex functional areas in which the most dangerous security gaps are hidden in practice.
The Mini Pentest delivers critical answers before you go live. We focus on real attack surfaces, report critical findings immediately, and provide you with a prioritized action list - without long wait times or PDFs that nobody reads.
Binding results within one business day after test completion
We test what attackers would target first
Actionable recommendations from experienced pentesters
… you need security fast, without blowing your budget. We bundle expert knowledge into a compact test day and deliver clear decisions for product, management, and compliance.
You need a second opinion before new features or integrations go live - without shifting the sprint plan.
You continuously develop, rely on CI/CD, and want to ensure that critical journeys remain protected after each update.
You need affordable proof for customers, auditors, or sales partners, without waiting months for a full pentest.
You need to assess risks, meet audit requirements, or show stakeholders that security is taken seriously.
Start with the basic package and book additional services as needed for even more depth and professionalism.
Double the test time for an even more in-depth analysis of your application.
Professional preparation for management, supervisory board, and compliance requirements.
Verification of fixed vulnerabilities - for final security clearance.
Personal presentation of results with your team and direct exchange.
Testing on weekends to avoid disrupting ongoing operations.
Compact management summary without technical full report.
Simply select the desired additional services when configuring - or contact us for individual consultation.
Whether feature launch, infrastructure change, or budget check - we focus on the areas where real attacks are most likely and deliver fast clarity for your team.
For websites, SaaS platforms, e-commerce, or single-page apps, we test authentication, access control, and data flows - focused on the most critical journeys.
We test hybrid, native, and progressive apps including API communication, local storage, and permission concepts.
Web servers, databases, VPN, firewalls, or cloud accounts - we quickly identify configuration vulnerabilities and show prioritizations.
We examine containers, Kubernetes, infrastructure as code, and CI/CD pipelines - including secrets management and access rights.
The Mini Pentest addresses urgent questions with clear prioritization. For comprehensive compliance or certification requirements, we recommend the regular pentest. This overview helps you plan the next step.
Ideal for rapid releases, budget checks, or a quick reality check of your security measures.
Recommended for comprehensive applications, compliance requirements, or audits with formal reporting standards.
Together we'll define the scope and find the solution that truly meets your requirements.
A compact timeline, clear responsibilities, and maximum transparency: We keep you informed throughout the test day and deliver immediately actionable results.
30-minute video call for scope alignment, risk prioritization, and technical preparation (e.g., test access, VPN, documentation).
Up to 8 hours of manual testing with supporting tool pipeline. We share critical findings immediately - preferably via Slack or your preferred channel.
Prioritized results with PoC, impact, and action list - encrypted via email. We can add a management summary upon request.
We're available for questions, advise on fixing, and plan the retest or an extended pentest if needed.
FinTech API with OpenAPI specification. Focus on CVSS > 7.0 vulnerabilities.
Test of a German Typo3 shop for industrial automation. Potential SQL injection and XSS found.
{{ question.description }}
{{ addon.description }}
Leave us your contact details so that we can send you a non-binding, customized offer.
Your data will be treated confidentially and will not be passed on to third parties.
The mini pentest is a targeted one-day test that focuses on critical safety aspects. It is perfect for regular checks and quick validations, while full pentests are more comprehensive.
In the best case, a test environment is available that has been loaded with demo data and can be tested safely.
For short tests, we are usually very flexible and can find an appointment within a few days.
Yes, this can also be added to the report - but there is an extra cost.
In the mini pentest, we dispense with "pretty" PDF reports and concentrate on the most important functions and points of attack from an attacker's perspective. The focus is on vulnerabilities with a high and critical level of severity. The time required is also limited to 8 hours. Many vulnerabilities can be found and documented in this time. This gives the customer a good insight into the IT security of their product at a relatively low cost and allows them to decide how they want to proceed.
As a rule of thumb, yes - but since time is limited, it makes sense to provide the tester with documentation, for example. This makes the test more of a gray box pentest. However, we are generally flexible here.
Yes, the costs will also double in this case.
Yes, every mini pentest is typically a manual test carried out by an IT security expert. However, depending on the case, automated tools are also run to find vulnerabilities. The customer also receives documentation on this.
Let's talk and see if we can come together - there's usually a solution for everything.
a) Doubling of engagement time b) PDF report with management summary c) Meeting (on-site or video) d) Comprehensive retest after fixing the findings.
