
Damian Strobel
Founder and CEO
"Our mini pentests are ideal for startups, SMEs and development teams who want to test the security of their web applications quickly and efficiently."
Your benefits

Fast & Efficient
Results within 1-2 working days after the pentest

A focused approach
Focus on the most important functions & attack vectors

Clear reporting
Findings, proof of concept and recommendation for action via e-mail (GPG)
Mini pentests are suitable for

Startups & SMEs

Development teams

DevOps Teams

Product Managers
Areas of application of a mini pentest
Web
API, websites, SaaS and CMS, web applications, e-commerce systems
Mobile Apps
Apple and Android applications, Progressive Web Apps (PWA)
Infrastructure
Web servers, database servers, firewalls, load balancers, VPN access, cloud infrastructure (AWS, Azure, GCP)
DevOps
Docker, Kubernetes, pipelines, continuous integration/deployment, infrastructure as code, version control systems
Mini pentest vs regular penetration test
| | Mini pentest | Regular penetration test |
|---|---|---|
| Test duration | 1 business day | 5-15 business days |
| Focus | Critical vulnerabilities and high-risk functions of an application or a specific host | OWASP Top 10 and comprehensive security check of all functions and methods |
| Suitability | | |
| Report | | |
| Encryption | | |
| Personal meeting | 30 minutes video call | 2x 60 minute video call or 1x 120 minutes on site |
| Time to report | Same day or 1-2 working days after test | Within 5 days after test |
| Cost | Fixed price of $1499 | Price depends on scope, test duration and complexity |
| Retest | Yes (Basic) | Yes (Extensive) |
Test focus of a mini pentest

Critical issues
CVSS 7.0 - 10.0
- Authentication bypasses
- Injections (SQL, RCE, ...)
- Data Exposures/PII Leaks
- Access control problems

High-risk functions
Business critical functions
- File processing
- Payment processes
- User management
- Interactions with external services

Proof of Concept
PoC||GTFO Methodology
- Detailed steps for reproduction
- Impact details in the context of the scope
- Verification of the fix/patch
- Examples of secure implementation
FAQ
How does a mini pentest differ from a normal pentest?
The mini pentest is a targeted one-day test that focuses on critical security aspects. It is perfect for regular checks and quick validations, while full pentests are more comprehensive.
How should I prepare for a mini pentest?
In the best case, a test environment is available that has been loaded with demo data and can be tested safely.
How long does it take before the test can take place?
For short tests, we are usually very flexible and can find an appointment within a few days.
We need a management summary, is this possible?
Yes, this can also be added to the report - but there is an extra cost.
Why is it so affordable?
In the mini pentest, we dispense with “pretty” PDF reports and concentrate on the most important functions and points of attack from an attacker's perspective. The focus is on vulnerabilities with a high and critical level of severity. The time required is also limited to 8 hours. Many vulnerabilities can be found and documented in this time. This gives the customer a good insight into the IT security of their product at a relatively low cost and allows them to decide how they want to proceed.
Is the mini pentest a black box pentest?
As a rule of thumb, yes - but since time is limited, it makes sense to provide the tester with documentation, for example. This makes the test more of a gray box pentest. However, we are generally flexible here.
Can the test time be doubled?
Yes, let's talk!
Does the mini pentest also include automated scans?
Yes. Every mini pentest is usually a manual test carried out by an IT security expert; depending on the case, however, the tester also runs automated tools to find vulnerabilities. The customer also receives documentation on this.
We have special requirements, but only a very limited budget. Is the mini pentest something for us?
Let's talk and see if we can come together - there's usually a solution for everything.