Penetration tests for medical products and applications


With targeted penetration tests (pentests), our IT security experts carry out cyber attacks on your software products (e.g. medical applications) as well as on your infrastructures. In this way, we uncover vulnerabilities that hackers can use to penetrate your systems or applications.

What the legislator requires

The digital health application regulation DiGAV requires a penetration test as a basic requirement before placing the application on the market. This must follow the implementation concept for penetration tests recommended by the German Federal Office for Information Security (BSI) and also take into account the OWASP Top-10 security risks.

For medical applications vendors, it is not enough to just submit a pentest. The identified security vulnerabilities must also be demonstrably remediated before being placed on the market. If you wish, our team of experts can provide you with further support after the IT security assessment, for example in closing the identified security gaps. You can rely on both our certified IT security experts and our experienced software architects to work together on solutions to bring your application to market quickly.

Benefits of secure healthcare applications

By performing penetration tests of your medical applications, you not only comply with the mandatory legal requirements, but also protect your company and your patients from numerous other threats. You thereby reduce the risks of fines in the event of a GDPR breach and the associated damage to your company's image.


Preserve data integrity through secure, non-compromisable healthcare applications.


Protecting the privacy of your company and patient data.


Minimize risks to both your company and your patients.


Regulatory compliance is achieved by our experts testing your products.

Operating medical applications in compliance with the law

Our certified IT security specialists guide you iteratively through the four phases of the IT security assessment. We are at your side from the gathering of information to the re-testing of the closed security gaps. In addition, you can contact our experts at any time and ask questions about emerging security concerns or architecture and design decisions.

We simulate various scenarios and procedures as needed for your application, working closely with your team.

Our team of experts at your side

To provide the highest standards for your security testing, we have provided a team of certified IT security specialists and experienced software architects. Our qualifications include:

  •     OSCP - Offensive Security Certified Professional
  •     RTO - Red Team Operator - Zero Point Security
  •     Software Security - University of Maryland
  •     Cryptography - University of Maryland
  •     Hardware Security - University of Maryland
  •     AWS Certified Security Specialty
  •     Microsoft Certified; Azure Security Engineer Associate AZ-500
  •     Microsoft Certified: Cybersecurity Architect Expert SC-100

What we offer

Why you should choose a penetration test from Johner Institute:


We create clarity about your IT security situation, both at application and network level.

Time saving

Our fast response time and short execution time will get your product to market faster and more safely.


You benefit from tool-supported report generation and our vulnerability database.


You can draw on many years of experience in the medical device environment.


Your products meet standards in the IT security environment.


Regular penetration tests protect against image damage and data loss.

Our support for your products

We offer our IT services for the following products and applications:

  •     Medical applications
  •     Cloud applications and web services
  •     Backend infrastructures
  •     Corporate networks
  •     Cloud networks
Book a non-binding consultation appointment now

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.