BDDK sızma testi nedir?

BDDK sızma testi, Bankacılık Düzenleme ve Denetleme Kurumu'nun bankalara ve finansal kuruluşlara yönelik zorunlu kıldığı periyodik güvenlik denetimidir. Bu testler, bankacılık sistemlerinin siber saldırılara karşı direncini ölçer ve regülasyon uyumunu belgeler.

EPDK sızma testi ne sıklıkla yapılır?

EPDK düzenlemelerine göre enerji sektöründeki kritik altyapı işletmecileri yılda en az bir kez sızma testi yaptırmakla yükümlüdür. OT/SCADA sistemlerini kapsayan testler özel metodoloji gerektirir.

SPK sızma testi kim için zorunludur?

SPK düzenlemeleri kapsamında aracı kurumlar, portföy yönetim şirketleri ve diğer sermaye piyasası kuruluşları düzenli sızma testi yaptırmakla yükümlüdür.

TSE 13638 sertifikalı firma olmanın avantajı nedir?

TSE 13638 standardı, sızma testi hizmeti sunan firmaların akredite edilmesi için Türkiye'de uygulanan ulusal standarttır. TSE 13638 sertifikalı firmalarla çalışmak, yasal yükümlülüklerin karşılanmasını ve denetim süreçlerinde belgesel güvence elde edilmesini sağlar.

Sızma testi fiyatı nasıl belirlenir?

Sızma testi fiyatı; testin kapsamına, hedef sistem sayısına, test süresine, regülasyon gereksinimlerine (BDDK, EPDK, SPK, TSE, PCI-DSS) ve raporlama derinliğine göre değişir. Netlore Security ücretsiz ön görüşme ile kurumunuza özel fiyatlandırma sunar.

Services / Offensive Security / Cloud Security Testing

Service · Cloud Security

We test your AWS, Azure and GCP cloud end to end.

From misconfigurations and IAM weaknesses to container and Kubernetes risks — we test every critical layer of your cloud environment from a real attacker's perspective.

AWSAzureGCPKubernetesIaC

Get a Quote See the Scope

Cloud Posture ScanCSPM

Misconfigurations

IAM findings

Exposed resources

Critical

Scanned Services

Amazon S3 / BlobCompliant

IAM / RBACReview

Security GroupsExposed

KMS / EncryptionCompliant

CloudTrail / LoggingCompliant

01 — Platforms

Supported Cloud Platforms

Expert security testing for all major cloud providers

Amazon Web Services (AWS)

Comprehensive security assessment for the most widely used cloud platform

IAM and access control analysis
S3 bucket security testing
EC2 and security group assessment
Lambda and serverless security

Microsoft Azure

Azure security testing for enterprise infrastructures

Azure AD and identity management
Storage account security
Virtual machine security assessment
Azure Functions security

Google Cloud Platform (GCP)

Detailed security analysis for your GCP infrastructure

GCP IAM and service accounts
Cloud Storage security testing
Compute Engine assessment
Cloud Functions security

02 — Test Scope

Testing Areas

All critical components of your cloud infrastructure are tested

Configuration Security

Misconfigurations and security vulnerabilities

IAM and Access Control

Identity and authorization mechanisms

Data Protection

Data encryption and storage security

Container and Kubernetes

Container orchestration security testing

03 — Common Vulnerabilities

Common Cloud Security Vulnerabilities

Misconfigurations

Open S3 buckets, public snapshots

Weak IAM Policies

Excessive permissions, weak authentication

Insecure APIs

API authentication and authorization issues

Lack of Data Encryption

Unencrypted storage and transmission

Insufficient Logging & Monitoring

Inadequate auditing and monitoring

Network Segmentation

Weak network isolation

04 — Methodology

Testing Methodology

Our comprehensive cloud security testing approach

Cloud infrastructure reconnaissance

Service and resource enumeration

Vulnerability exploitation

Privilege escalation

Persistence mechanisms

Detailed reporting

05 — Compliance

Compliance Standards

ISO 27017

Cloud services security standard

CSA STAR

Cloud Security Alliance certification

SOC 2

Service organization control

GDPR

Data protection compliance

06 — Frequently Asked Questions

Frequently Asked Questions

How long does cloud security testing take?

It takes an average of 3-5 weeks. This duration varies depending on the complexity, number of services and scope of your cloud infrastructure.

Will my services be interrupted during testing?

No, tests are performed with non-intrusive methods and your production systems are not affected. Separate test environments are used for critical tests.

Which cloud platforms are supported?

We offer testing services for AWS, Azure, Google Cloud Platform and all other major cloud providers.

Do you perform IaC (Infrastructure as Code) security analysis?

Yes, code analysis and security assessment is performed for all IaC tools such as Terraform, CloudFormation, ARM templates.

Do you perform Kubernetes security testing?

Yes, Kubernetes cluster security, pod security, network policies and RBAC configurations are tested in detail.

Service · Cloud Security

Secure Your Cloud Infrastructure

Comprehensive security assessment for your AWS, Azure or GCP infrastructure

Get a Quote

Offensive Services

Defensive Services

Training & Consultancy

Security & Compliance

Intelligence & Consulting

Products

Critical Infrastructure

Commercial Sectors

We test your AWS, Azure and GCP cloud end to end.

Supported Cloud Platforms

Amazon Web Services (AWS)

Microsoft Azure

Google Cloud Platform (GCP)

Testing Areas

Configuration Security

IAM and Access Control

Data Protection

Container and Kubernetes

Common Cloud Security Vulnerabilities

Misconfigurations

Weak IAM Policies

Insecure APIs

Lack of Data Encryption

Insufficient Logging & Monitoring

Network Segmentation

Testing Methodology

Cloud infrastructure reconnaissance

Service and resource enumeration

Vulnerability exploitation

Privilege escalation

Persistence mechanisms

Detailed reporting

Compliance Standards

Frequently Asked Questions

Secure Your Cloud Infrastructure

Cookie Usage