Uncover vulnerabilities before they become a risk

Penetration testing

Cyber threats are constantly evolving and no system is inherently secure. Proactively protect your company from data loss, financial damage and reputational damage with a professional penetration test.

Request a quote

Penetration testing Identify and close security gaps

If you want to know how an attacker thinks
A penetration test (pentest for short) simulates real cyberattacks on your systems - controlled, documented and professional. This allows you to find out which vulnerabilities exist in your infrastructure, applications or cloud environments - before they are exploited.

Our certified ethical hackers test with proven methods, current attack scenarios and a clear goal: to make your systems more resilient.

Your advantages
- realistic attack simulation with clear risk assessment
- detailed report including proof of concept & recommended measures
- objective testing by certified pentesters
- strengthening your cyber defenses - technically and strategically

Let your systems do the talking - before attackers do

A pentest not only uncovers vulnerabilities, but also creates a reliable basis for your security strategy. Simulate attack scenarios & strengthen your defenses now!

Our penetration tests at a glance

We offer different pentest formats and test according to your objectives:

Overview

Pentests uncover security gaps in IT systems. Have your systems checked & protect your company. Enquire now!

Web application penetration test

Have your web application specifically tested. Request a web pentest now and protect your data from attacks!

Network penetration test

Have your network checked for vulnerabilities. Request a pentest now and minimize attack surfaces!

Active Directory Penetration Test

Have Active Directory tested now. Detect vulnerabilities, close attack paths - before it becomes critical.

Mobile penetration test

Have your mobile apps checked - before attackers do. Request a mobile pentest now & protect sensitive data!

Cloud penetration test

Misconfigurations, rights problems or open interfaces? Have your cloud environment checked - before it becomes critical.

Each test is based on common standards such as OWASP, NIST or BSI - combined manually and automatically to ensure maximum testing depth.

Over 100 satisfied customers

I attended the CISA course at TASC Schönbrunn in July 2025 and my expectations were fully met. I was warmly welcomed by all the staff and the organizational process was very good. The training was very intensive, but the methodology and didactics of Aron (ISACA trainer) was remarkable. He managed not only to present the topics, but also to convey them and responded to our needs as training participants. The result: CISA exam passed on the first attempt, the very next day! To summarize, I can recommend TASC Schönbrunn to anyone who wants to develop further in this area and is looking for a quality training provider.

Manuel Leitner

The course imparts a lot of knowledge in a short time, but thanks to the enormous experience and competence of the lecturer (greetings to Aron Lange) it was fun and at no point was it "dry" or soporific, and that must mean something if you imagine that we chewed through ISO standards here.the course was just right for me as a "beginner" in the world of standards for IT security. You have already seen and done a few things in your career, but if you want to know how to do IT RIGHT, you should come here and have it explained to you.I will attend another course here and can only recommend it to everyone!

Thomas Losik
IT Manager

It was the best training I have attended so far - extremely practical, presented in a clear and understandable way and the complex concepts of the ISO 27001 standard explained in an easy to follow way.

Thomas Seßner
Managing Director, OAC Analytics AG

Very good location for certification tests.

The team shows the highest level of professionalism and empathy when dealing with the test candidates and adhering to the test conditions. I felt very well looked after here and was able to concentrate fully on the test. Many thanks for that!

Markus Severitt

In December 2022, I took part in the 'ICO ISMS FOUNDATION according to TISAX' training course with Jan-Sebastian Schönbrunn, Managing Director of Schönbrunn TASC GmbH. The training, after which I successfully passed the exam for the ICO certificate, the way the knowledge was imparted and the atmosphere at Schönbrunn TASC GmbH were excellent and extremely pleasant all round.

J.R.

Mr. Schönbrunn has very deep knowledge down to the most granular level of detail in the topic of 'Information Security' (of course also in ISO 27000 ff.) and - which is at least as important - can also impart this knowledge. As I would like to further increase my competence in the area of TISAX, I will again carry out the further levels of certification ('TISAX Officer', 'TISAX Auditor') at Schönbrunn TASC GmbH.
That's why I give them 5 stars!

A.R.

Great transfer of knowledge and valuable background information.

Fabian Meinzer

What is the difference between a pentest and a vulnerability scan?

A vulnerability scan is a superficial assessment, whereas a pentest goes deep - through realistic attack simulations with exploits, evaluations and retests.

Which systems can be tested?

We test everything that is potentially vulnerable: internal networks, external servers, web applications, APIs, mobile apps, cloud instances and Active Directory environments.

How does a pentest work?

Scoping & target definition
Reconnaissance & vulnerability analysis
Controlled exploitation
Report with executive summary, POCs & CVSS risk analysis
Recommended measures
Optional: Presentation of the results as part of a separate meeting
Optional: Post-test to check closed gaps

How long does a penetration test take?

This depends on the scope and complexity of the test. A targeted test of individual systems can be completed in a few days - more comprehensive analyses (e.g. of networks, cloud environments or applications with many roles and functions) usually take between 5 and 15 working days. In any case, we determine the duration together in advance during scoping.

What is the difference between black box, grey box and white box pentests?

In the black box pentest, the tester receives no prior information about the target. In the greybox pentest, some information such as system details or access data is provided. In the whitebox pentest, the tester has complete knowledge of the system architecture and extensive access options.</p

Is a pentest safe?

Yes - our tests are carried out under controlled conditions without affecting production systems. All steps are documented, agreed and legally secured.</p

When should a pentest be carried out?

The ideal time for a pentest depends on factors such as new releases, system changes or regulatory requirements. It is recommended to carry out tests after significant system changes and on a regular basis.</p

How often should a pentest be carried out?

The frequency of the pentests depends on your security needs and compliance requirements. Annual or semi-annual tests are common, or more frequently for critical systems.</p

What are the costs of a professional pentest?

The cost of a professional pentest depends on your individual requirements and the scope and complexity of the test. Even with a small budget, you can commission basic security tests. For more extensive or specially tailored analyses, we will be happy to provide you with a suitable quote - transparent and tailored to your needs.</p

What requirements does the NIS 2 directive place on penetration tests?

NIS-2 requires regular security checks, including pentests, to ensure a high level of cyber security. Specific requirements apply to critical and essential infrastructure.</p