How well protected is your company against cyber attacks?

Codepurple analyzes your IT systems and applications for their security. A security review by our specialists can identify vulnerabilities and configuration mistakes before they become critical for your company.

Closed Bug Bounty

During the Closed Bug Bounty program, we examine IT systems in depth. With your permission, we search for bugs and security-related configuration errors. You only pay for vulnerabilities we find.

learn more


A penetration test is performed specifically on a system. In this process, a software is empirically examined for security vulnerabilities. Our specialties here are: APIs, web or mobile applications.

learn more


A security review examines all IT systems on a broad scale. As a result, you receive a detailed report of what was examined and where security vulnerabilities were found.

learn more

43% of cyberattacks target SMEs!

Source: Symantec

Sensitive file scanner

After scanning over 2.6 million .ch and .li domains and finding hundreds of usernames, passwords, API keys, and bank accounts, we knew we were turning our program into a service. So that everyone can monitor their domains and no files become public unintentionally.

With the help of, anyone can monitor their domains and subdomains for a monthly price of a coffee.


  • Daily scans for exposed sensitive files
  • Automatic subdomain detection
  • Immediate notification on detection of an issue
  • More than 35 detection rules, being expanded constantly
  • No complex and complicated setup, just start in a few minutes

More info:

Do not reuse your password on different accounts.

Source: Codepurple


Subdomains sind eine wahre Goldgrube für Angreifer

Aufs neue starteten wir unseren Scanner, welcher übrigens mit 100% selber produziertem Solarstrom läuft. Obwohl auf den Hauptdomains und unter www. oft nur Webseiten betrieben werden, waren wir trotzdem überraschend, was dort alles zu finden war. Wir ahnten bereits vor der Idee, die Subdomains anzuschauen, dass dies noch schlimmer wird, denn auf den Subdomains laufen oft Webapps mit heiklen internen Firmen-Daten.


Ungewollte Datenlecks (online und offline)

In der heutigen digitalen Welt haben wir alle irgendwann schon einmal sensitive Daten online geteilt. Obwohl die meisten von uns versuchen, vorsichtig zu sein, kann es dennoch passieren, dass wir versehentlich private Informationen veröffentlichen. Dies kann auch versehentlich passieren, ohne dass wir uns dessen bewusst sind.


Auswirkungen von Ransomware auf ein Unternehmen

Stellen Sie sich ein mittelständisches KMU vor. 142 Mitarbeiter in den Bereichen Entwicklung, Produktion, Lager, Installation, Montage, Support, Marketing und das ganze Backoffice. Vor 5 Jahren hat die IT den Schritt in die Virtualisierung gewagt.


More articles

46% of web apps have critical vulnerabilities.

Source: Acunetix

Our mission

Codepurple stands for a hands-on approach to cybersecurity. It is our goal to find security vulnerabilities that pose a risk to your company before they are discovered and exploited by attackers. In doing so, we show the customer what risk the respective vulnerability represents and what measures can be taken to close it.

For the security reviews, penetration tests or bug bounties, our experts rely on their many years of experience. Additionally, they are supported by an AI (artificial intelligence) developed by Codepurple, which allows to detect critical vulnerabilities efficiently and quickly.

Our team of well-trained specialists creates a synthesis of Red1 and Blue Team2, for this reason, our name Codepurple.


Thomas and David have been working together successfully for more than twenty years. In their professional life, they have already founded several companies and won over ten start-up competitions. The highlight was the Swiss Economy Award in the service category. All their projects have always been about web applications and digitalization. However, their passion is finding vulnerabilities and security holes in computer systems. Now, with Codepurple, they combine their experience from 20 years of web development with their passion for hacking.


Thomas Federer
Bachelor of Science in Computer Science
Email Icon LinkedIn Icon


David Peyer
Bachelor of Science in Computer Science
Email Icon LinkedIn Icon

Approximately 30,000 new websites are hacked every day.

Source: Forbes