Select Page


VarBITS was founded in 2015, to work with various international companies and governments. Since our inception, we have consistently delivered high-quality penetration testing reports to our clients, that focuses in particular on the broad security posture of their applications.

An example of this, is that we utilize the OWASP ASVS 4.0 [External Link] from an attacker’s perspective, along with customized in-depth checks for the majority of our projects, so that we cover the application’s attack surface thoroughly.


The primary service that we provide is penetration testing, more specifically for web applications and web services. VarBITS has extensive professional experience with applications written in PHP, .NET and Java.

VarBITS also provides other services such as:

  • Configuration review of web servers, databases, etc.;
  • Internal and external penetration tests;
  • Review of physical access controls; and
  • Customized penetration tests.


We offer penetration testing services directly to businesses that want (or require) a third-party (i.e. VarBITS) to review the security posture of the system in scope. The type of clients we typically work with, are medium to large sized businesses in the financial, transport, medical and telecommunication industries and governments.

Send us an email and we will get back to you within 24 hours, to talk about the type of project we can work on together.



We use almost the same tools as every other company who performs web application penetration tests. In other words, Burp Suite Pro with custom in-house developed tools and plugins for additional checks. The majority of our testing consists of manual testing and analysis.



• Hans-Michael Varbaek presents “From XSS to RCE 3.0” at Black Hat Europe 2018 [External Link]

• VarBITS commences work on penetration testing book for beginners.

• VarBITS releases “From XSS to RCE 2.75 + Extras” source code. [External Link]

• Hans-Michael Varbaek presents “From XSS to RCE 2.75” at Black Hat Europe 2017 [External Link]

• VarBITS commences online courseware contract with well-known information security training provider.

• Hans-Michael Varbaek presents “From XSS to RCE 2.5” at Black Hat Europe 2016 [External Link]

• Hans-Michael Varbaek presents “From XSS to RCE 2.0” at Black Hat Europe 2015 [External Link]




Scroll down for contact details.


Telephone: +45 89 88 5887

Email: contact[at]

VAT No: 36 57 80 41