Our company was founded in 2016 as a privately-held, independent consulting business. We aim to support our customers with their IT security concerns from the early design-phase on. Challenging projects and individual requirements are our daily business; we offer a broad expertise throughout various industries. Our demand is to provide you with an individual, realistic and helpful solution.

Our hand-picked consultants have a broad knowledge and several years of experience in the IT security sector. Speaking at major conferences around the world and several public advisories for vulnerabilities identified in both, open source and closed source products demonstrate our expertise better than glossy brochures. Please do not hesitate to contact us for details.


We are strongly networked in the IT security community, and over the years we have built strong connections and partnerships with other security researchers. Some of our trusted partners are named in the below sections..

Recurity Labs

Secfault Security GmbH has a close cooperation with Recurity Labs GmbH. We mutually benefit from our long-term relationship, from each other’s skill-set and from our experiences. Both companies share a common background and aim to support each other in both, the execution of customer projects and in performing research tasks.

Whirly Labs

Whirly Labs is a security consultancy with a specific focus on security automation and education lead by seasoned security experts. Strong professional ties between Whirly Labs and Secfault Security have existed long before the formation of the two companies, enabling the two companies to collaborate seamlessly.


Our friends at intcube are building the #Unconsultancy. We like and recommend their purpose-drivenness, dedication, and effectivity when it comes to strategic security consultancy, efficient solutions for mid-sized orgs, and unconventional approaches to tackle IT security at scale.

Reference Customers

Our customers value their privacy. We generally do not provide information about existing or past customer relationships or projects. However, if you are interested in talking to one of our customers directly, we can try to establish a contact on request. In this case, please get in touch with us.

One notable exception are customers who publish their assessment reports in order to transparently document their dedication to security. Such customers include the following:

In case you would like to get an impression of our work, please feel free to follow one of the links above.

Public Advisories

For a list of public advisories, please refer to our advisories page.