How well protected is your company against cyber attacks?

Codepurple analyzes your IT systems and applications for their security. A security review by our specialists can identify vulnerabilities and configuration mistakes before they become critical for your company.

Closed Bug Bounty

During the Closed Bug Bounty program, we examine IT systems in depth. With your permission, we search for bugs and security-related configuration errors. You only pay for vulnerabilities we find.

learn more


A security review examines all IT systems on a broad scale. As a result, you receive a detailed report of what was examined and where security vulnerabilities were found.

learn more

43% of cyberattacks target SMEs!

Source: Symantec

Sensitive file scanner

After scanning over 2.6 million .ch and .li domains and finding hundreds of usernames, passwords, API keys, and bank accounts, we knew we were turning our program into a service. So that everyone can monitor their domains and no files become public unintentionally.

With the help of, anyone can monitor their domains and subdomains for a monthly price of a coffee.


  • Daily scans for exposed sensitive files
  • Automatic subdomain detection
  • Immediate notification on detection of an issue
  • More than 35 detection rules, being expanded constantly
  • No complex and complicated setup, just start in a few minutes

More info:

Do not reuse your password on different accounts.

Source: Codepurple


Datenleck über phpinfo() - Teil 2/2

Dies ist die Fortsetzung des 1. Teiles zu phpinfo(), welcher eine Einführung und eine Übersicht über die gefundenen Daten gibt. Bei einem Scan über 2.6 Millionen .ch und .li Domains haben wir nach öffentlichen phpinfo() Dateien gesucht und die gewonnen Daten analysiert. In diesem Teil untersuchen wir die brisanteren Daten-Lecks, welche wir gefunden haben und gehen darauf ein, wie diese durch Angreifer missbraucht werden können.


Datenleck über phpinfo() - Teil 1/2

Weiter geht es in der Serie der Scans der .ch und .li Domains. Dieses Mal untersuchten wir mögliche Datenlecks über phpinfo, was wiederum spannende Erkenntnisse zu Tage brachte. Bei diesem Scan wurden 2.6 Millionen Domains überprüft.


Directory listing auf Webserver ist gefährlich

Das auflisten von Dateien (Directory listing) die auf dem Web Server gespeichert sind birgt grosse Sicherheitsrisiken. Informationen können so preisgegeben werden, welche nicht für die Öffentlichkeit bestimmt sind.


More articles

46% of web apps have critical vulnerabilities.

Source: Acunetix

Our mission

Codepurple stands for a hands-on approach to cybersecurity. It is our goal to find security vulnerabilities that pose a risk to your company before they are discovered and exploited by attackers. In doing so, we show the customer what risk the respective vulnerability represents and what measures can be taken to close it.

For the penetration tests, our experts rely on their many years of experience. Additionally, they are supported by an AI (artificial intelligence) developed by Codepurple, which allows to detect critical vulnerabilities efficiently and quickly.

Our team of well-trained specialists creates a synthesis of Red1 and Blue Team2, for this reason, our name Codepurple.


Thomas and David have been working together successfully for more than twenty years. In their professional life, they have already founded several companies and won over ten start-up competitions. The highlight was the Swiss Economy Award in the service category. All their projects have always been about web applications and digitalization. However, their passion is finding vulnerabilities and security holes in computer systems. Now, with Codepurple, they combine their experience from 20 years of web development with their passion for hacking.


Thomas Federer
Bachelor of Science in Computer Science
Email Icon LinkedIn Icon


David Peyer
Bachelor of Science in Computer Science
Email Icon LinkedIn Icon

Approximately 30,000 new websites are hacked every day.

Source: Forbes