Security Assessments for All Digital Systems
We help you to get a comprehensive picture of your IT security organisation, to secure processes and to close weak points. As a result, you can implement digital business models and take advantage of entrepreneurial opportunities without worrying.

Security Assessments for All Digital Systems

We help you to get a comprehensive picture of your IT security organisation, to secure processes and to close weak points. As a result, you can implement digital business models and take advantage of entrepreneurial opportunities without worrying.

Insight into IT Vulnerabilities from Digital Systems

Our security scans check internal and external IT systems for vulnerabilities. turingpoint is one of the top providers of penetration testing and offers comprehensive security assessments to meet clients' unique security requirements. Our IT security experts have the experience to uncover vulnerabilities in a range of technologies - from AWS to complex SaaS solutions to IoT - and create a meaningful plan to revise the vulnerabilities.

Security Assessment Consulting

IT Security Testing According to your Needs

The security of networks, websites, apps or cloud services is a fundamental building block for the implementation of digital business models. Our IT security consultants create a seamless IT security concept in accordance with DSGVO and BDSG (protection of personal data) for the operation of secure data centers and cloud services. Our IT security tests are based on the latest standards and methods. The security assessments also include the creation of an IT emergency plan with measures and recommendations for action in the event of acute incidents.

We place great emphasis on the communication and presentation of our security know-how. We work closely with developers, security engineers and CISOs to ensure that all parties understand the results of the assessment. Documentation is also a top priority and we provide a sample pentest report in advance.

Upon request, we implement relevant measures in coordination with you - gladly as permanent IT security management.

Security Assessment with Pentests, Cloud Security or Attack Simulations

We offer all IT security test concepts and recommend performing a gray or white box test for a penetration test or cloud pentest. An attack simulation provides the most benefit as a black box test.

Gray Box Tests

Gray box tests are all test types that fall between gray and black box tests. Some information is provided to the analyst usually only credentials. All other information is to be analyzed! This type of test is an interesting trade-off in terms of number of test cases, cost, speed, and scope of testing. Gray box tests are the most common type of security tests in the security industry

White Box Test

Also often referred to as "full knowledge testing" and is the opposite of black box testing in the sense that the tester has full knowledge of the application. The knowledge can include source code, documentation and diagrams. This approach allows for much faster testing due to its transparency. With the additional knowledge, a tester can create much more complex and detailed test cases.

Black Box Testing

Black-box testing is performed without the tester having any information about the application under test. This process is sometimes referred to as "zero-knowledge testing". The main purpose of this test is to allow the tester to behave like a real attacker, in the sense of exploring possible applications for publicly available and discoverable information.

IT Security Range of Services

Basically, we classify Cyber Security Assessments in three types, which, however, are individually compiled for each application case, so that synergy effects can arise.


In a penetration test, applications, systems, mobile apps and infrastructures are checked with the methods of an attacker. We simulate a professional hacker attack to identify weak points.

Cloud Security
Cloud Security Assessment

In a Cloud Security Assessment, a cloud infrastructure is analyzed and evaluated. The various configurations differ greatly from traditional infrastructure.

Adversary Simulation
Adversary Simulation

Attack simulations are used to test an organization's detection and response capabilities. The Red Team tries to access sensitive information in every possible way and as undetected as possible.


Companies that trust our professional competence.

  • Patrick Wölfel
    Patrick Wölfel
    Head of IT - RuV BKK

    We attach great importance to the security of our customer data. In this respect, we have commissioned turingpoint to examine our online office for possible weaknesses and to identify potential for improvement. What we particularly rate about turingpoint is the professional communication with the team as well as their adherence to deadlines. We received a very well-structured and comprehensible final report. This made it possible for our software developer to systematically eliminate the weak points that were found. We are looking forward to further cooperation.

  • Frederik Vollert
    Frederik Vollert
    Managing Director & Co-Founder - Phrase

    turingpoint conducted a web penetration test on the website and API as an external system audit as part of our Information Security Management System. The team conducted the tests in a highly professional manner, identifying a number of potentially malicious exploits and security enhancements through libraries, the application of security protocols and the browser level. The report helped us identify current strengths and weaknesses in our security architecture and resulted in changes to our code base to minimize security weaknesses. We look forward to our next penetration test with turingpoint!

  • Hans Lechner
    Hans Lechner
    Head of IT - reifencom GmbH

    I hereby confirm to turingpoint GmbH, Rödingsmarkt 9, 20459 Hamburg, Germany, for us services of penetration testing within the scope of a security audit of public web applications to have produced. The scope of services included the testing of the web pages of Internet presence and the associated e-commerce system of our company. The services were completed on time and in very high quality within the set deadline. quality workmanship. The interests of the client were always taken into account and the service is performed to the complete satisfaction of the customer.

  • Dr. med. Christoph Twesten
    Dr. med. Christoph Twesten
    Founder / CTO - MillionFriends

    Perfood GmbH address several diseases and predeseases with digital therapeutics. The portfolio includes medical products and DIGAs (digital health application under the German Healthcare Act). IT Security is a very important aspect of our business. In April 2020 turingpoint conducted a penetration-test on the API of our backend as an external system audit as part of the certification process for one of our medical products. In July 2020 we consulted turingpoint for a global Cybersecurity audit including our mobile app, backend, website and aspects of IT security in our office in Lübeck. The team conducted the tests in a very professional way and was a great help in finding potential threats and optimize the security of our system. Turingpoint also reviewed the architecture of our backend setup and helped us to design this critical part of our infrastructure in the most secure way. We are very satisfied with the results and looking forward to our next project together!

  • Boris Steinke
    Boris Steinke
    CTO - JITpay™ GmbH

    As a FinTech and logistics start-up, we at JITpayTM rely on state-of-the-art technologies and have efficient digital business processes. With JITpayTM we have created the possibility to digitalise the accounting processes in logistics. As part of the Central Accounting System (ZAL®), JITpayTM takes over the accounting of all logistics costs for shippers, forwarders and transport companies. At JITpayTM the topic of security is of particular importance because we are not only a service provider but also handle sesible data in large quantities. In September 2020 we commissioned turingpoint to conduct a penetration test as part of the certification process for an authority, in order to find possible leaks in our APIs and backends. The turingpoint team carried out the tests in a very professional way and searched our systems for potential threats in 14 days. At the end of the tests we received a very good and understandable report that helped us to fix the detected threats. We are very satisfied with the results and look forward to our next joint project!

  • David Holetzeck
    David Holetzeck
    CEO - Table of Visions

    Our expectations regarding quality, customer service and the execution of the penetration test and the hosting security check were exceeded and we can recommend the team of turingpoint GmbH without any restrictions. If you are looking for a service provider who prepares documents in such a way that everyone can understand them and provides advice on how to solve problems, turingpoint is the right partner for you.

  • Toyota
  • UniCredit
  • R und V BKK
  • eqs group
  • Phrase
  • reifencom
  • Billomat
  • JitPay
  • Speechagain

Certificates & Partner

We maintain a network for a lively exchange of knowledge and assistance.

  • OSCP
  • Portswigger
  • Tenable
  • rapid7
  • Allianz für Cyber-Sicherheit

Curious? Convinced? Interested?

Arrange a non-binding initial meeting with one of our sales representatives. Use the following link to select an appointment:

Alternatively, you can write us a message. Request a sample report or our service portfolio today. We will be happy to consult you!