Product security · Design to release

Secure by design.
Proven by test.

Two European specialists, one lifecycle. Primary Target's CodeX platform automates threat analysis and risk assessment while your product is still on the drawing board. TestArmy's engineers then attack, load, and probe what you build — before anyone else does.

Contact: primary-target.com testarmy.de

The offerings

Two disciplines, both non-negotiable

Regulators now expect security to be designed in and demonstrated. One company automates the paperwork-heavy analysis; the other supplies the humans who break things on purpose.

Design phase · Germany

Primary Target — CodeX

Munich-based Primary Target GmbH · patented, AI-powered platform

CodeX automates Threat Analysis and Risk Assessment (TARA) for industrial products — replacing manual, Excel-driven processes with an auditable, browser-based workflow backed by a database of 10,000+ threats.

  • Automated threat analysis across software and hardware components, with recommended countermeasures
  • Risk visualisation of residual risk across the whole system architecture
  • Secure workflow — access control, encryption with HSM, versioning, change tracking
  • TARA reuse — component analyses carry across projects and customers
  • Verticals: automotive, defense (incl. combat-field simulation), medical, aviation, marine
3 daysvs 40–60 manual
−93%cost per TARA
80%ISO 21434 coverage
Verification phase · Poland

TestArmy

Wrocław-based QA & cybersecurity testing group · 100+ certified testers & pentesters

TestArmy's specialists deliver AI-driven penetration testing, auditing, cybersecurity and quality testing of digital products — putting years of experience to work so companies can bring functional, secure solutions to market. Its customers operate critical infrastructure and build machines, ships, arms, medical and household devices.

  • AI-driven penetration testing, auditing and vulnerability assessment for web, mobile, and infrastructure
  • Test automation with Cypress, Selenium, Appium and modern stacks
  • Performance & functional testing for web and mobile products
  • UX, accessibility and QA consulting, plus developer staff augmentation
  • Credentials: ISTQB Platinum Partner, ISO 9001 & ISO 27001 certified
13years of experience
800+projects completed
95%certified professionals

Featured defence project · European Defence Fund

TRITON — Generative Automation of Security Penetration Tests

TRITON is a collaborative European Defence Fund (EDF) project co-developed by TestArmy and consortium partners. It focuses on fully automating penetration testing for high-security defence applications using advanced Generative AI and automated risk assessment technologies.

Capability 01

AI-powered ethical hacking

Generative AI and Generative Adversarial Networks (GANs) proactively execute automated, ethical attacks to map hidden vulnerability paths — in both pre- and post-testing phases.

Capability 02

Defence & critical infrastructure

Tailored for securing military Security Operation Centres (SOCs), telecom networks, and complex cloud and firmware infrastructures across civilian and military digital operations.

Capability 03

Human-as-a-Security-Sensor (HaaSS)

A novel concept that lets human operators continuously monitor penetration-testing progress, perform "what-if" analyses, and enforce policies in real time.

Capability 04

Consortium & backing

Co-developed by TestArmy alongside partners including UBITECH and EXUS AI Labs, and funded by the European Defence Fund 2022 Programme (EDF-2023-RA-SI) under Grant Agreement No. 101168103.

Learn more about the project's technological framework and updates:

Which fits when

Same goal, different points of attack

QuestionPrimary Target · CodeXTestArmy
What do you get? A SaaS platform that generates and maintains your TARA documentation A services team that tests, attacks, and audits your running product
When in the lifecycle? Concept and design — before and during development Development through release — on working builds
Built for whom? Makers of regulated industrial products: vehicles, medical devices, avionics, vessels, defense systems Any team shipping software: e-commerce, telecom, DevOps platforms, mobile apps
Replaces what? Manual Excel-based TARAs and scarce in-house security specialists Gaps in internal QA capacity and ad-hoc security reviews

Regulatory pressure

The deadlines are real

Since July 2024, vehicles without a completed threat analysis cannot be registered in Germany, and the EU Cyber Resilience Act demands full compliance by December 2027 — with fines up to €15M or 2.5% of turnover. These frameworks shape both offerings:

ISO/SAE 21434 EU CRA UN R155 NIS2 IEC 62443 DO-326A / EASA EU MDR / FDA NIST · OWASP ISO 9001 · ISO 27001

Start where the risk is

Bring a real product and a real deadline. Get a tailored CodeX demo on your own TARA data, or a scoped test plan from TestArmy's engineers — usually within one business day.