Offensive Security · Penetration Testing

From the attacker's perspective, evidence-based security.

We test your systems using the same techniques real attackers employ. Evidence-based security assessments aligned with international standards.

Certifications: OSCP · OSWE · OSCE · GPEN · CREST
Methodology: PTES · OWASP · OSSTMM · NIST
engagement — recon → report
$ nmap -sV --top-ports 1000 target.kurum.com.tr
[+] 443/tcp open https
  • 98% Vulnerability Detection Rate
  • 500+ Completed Projects
  • 70%+ Manual Testing Rate
  • 99% Client Satisfaction
// 01 — Overview

What is Penetration Testing and Why is it Necessary?

Penetration testing is a controlled attack simulation where authorized security experts identify vulnerabilities in your information systems using real attacker techniques. Going beyond automated scanning tools, it leverages human intelligence and creativity to construct complex attack chains and measure your systems' resilience against a real-world attack.

As cyber attacks grow increasingly sophisticated, relying solely on defensive mechanisms like firewalls and antivirus is no longer sufficient. Penetration testing evaluates the effectiveness of your defense layers through an independent lens and uncovers the weak points that attackers could exploit.

// 02 — Service Architecture

All offensive security, built on a single discipline

Penetration testing is the core of Netlore's offensive security practice — from red teaming to source code analysis, from cloud testing to compliance, everything rests on this foundation.

Core Service

Penetration Testing

Evidence-based, manual-driven, standards-aligned. The methodological foundation and quality bar for all our offensive services is set here.

Test Types (9 areas)
  • Network & Infrastructure
  • Active Directory
  • Web
  • API
  • Mobile
  • Cloud
  • Kubernetes
  • SCADA/OT
  • IoT
Methodologies (4 frameworks)
  • PTES
  • OWASP
  • OSSTMM
  • NIST · CREST
Compliance (6 regulations)
  • BDDK
  • PCI-DSS
  • EPDK
  • ISO 27001
  • KVKK
  • SPK/TSE
Sectors (6 verticals)
  • Finance
  • Energy
  • Government
  • Telecom
  • Healthcare
  • E-commerce
// 03 — Test Approaches

Testing Approaches

We determine the most suitable testing approach together, based on your organization's needs and security maturity level.

Black Box

Black Box Testing

Simulates a real external attacker. No prior information about the target is given to the tester. Testing begins with only an IP address or domain name. This approach reveals how your organization looks from the outside and how deep an attacker can penetrate.

Best For: Organizations looking to assess their external threat surface
White Box

White Box Testing

The most comprehensive security analysis approach. The tester is provided with detailed information including source code, architectural diagrams, network topology, and credentials. This uncovers deep vulnerabilities beneath the surface, business logic flaws, and insecure coding practices.

Best For: Organizations seeking comprehensive security audit and code-level analysis
Grey Box

Grey Box Testing

The approach that best reflects real-world scenarios. Limited information is provided to the tester: standard user accounts, API documentation, or partial architectural information. This evaluates both insider threat scenarios and attacks that push the boundaries of authorized user access.

Best For: Organizations looking to test insider threat and privilege escalation scenarios
// 04 — Methodology

Methodologies Aligned with International Standards

01

PTES (Penetration Testing Execution Standard)

An industry-standard framework with 7 phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. Forms the foundation of every test engagement.

02

OWASP Testing Guide v4.2

The most current OWASP guide covering 66 different control categories for web and API security testing. We deeply test all OWASP Top 10 categories including Injection, Broken Access Control, and Security Misconfiguration.

03

OSSTMM v3 (Open Source Security Testing Methodology)

A scientific security testing methodology producing measurable and repeatable results. We quantify your security level using RAV (Risk Assessment Values) metrics.

04

NIST SP 800-115 & CREST

We apply testing processes compliant with NIST's technical security testing guidelines and CREST (Council of Registered Ethical Security Testers) standards.

// 05 — Process

Our Testing Process: End to End

Every engagement is managed through a transparent and systematic process, from the scoping meeting to the final validation test.

1. scope →

Scoping and Planning

Test objectives, Rules of Engagement, communication protocols, emergency procedures, and timeline are defined together. IP ranges, application URLs, out-of-scope systems, and escalation points are established.

2. recon →

Reconnaissance and Intelligence Gathering

Comprehensive intelligence is gathered about the target using passive and active collection techniques. OSINT, DNS enumeration, subdomain discovery, email harvesting, technology fingerprinting, and social engineering reconnaissance are performed.

3. scan →

Vulnerability Analysis and Scanning

All potential vulnerabilities in target systems are mapped using a combination of automated scanning tools and manual analysis techniques. Port scanning, service enumeration, CVE matching, and configuration analysis are conducted.

4. exploit →

Exploitation and Deep Access

Identified vulnerabilities are safely exploited to measure their real impact. Advanced techniques such as privilege escalation, lateral movement, pivoting, data exfiltration simulation, and domain dominance are applied in a controlled environment.

5. report →

Reporting and Presentation

A comprehensive report is prepared for each finding with CVSS v3.1 score, detailed technical description, Proof-of-Concept screenshots, business impact analysis, and step-by-step remediation recommendations. Separate presentations are delivered for management and technical teams.

6. verify ✓

Validation and Re-test

After remediation time is provided, all findings are retested to verify patch effectiveness. Re-test results are presented as a comparative report. Alternative remediation recommendations are provided for unresolved findings.

// 06 — Test Types

Penetration Testing Types

We offer specialized testing services for every technology layer and platform. We perform testing on a single area or combined testing across multiple layers based on your needs.

Network and Infrastructure Testing

We identify vulnerabilities in your internal and external network segments to reduce your attack surface.

  • External Network Penetration Testing
  • Internal Network Penetration Testing and Active Directory Security Assessment
  • Wireless Network Security Testing (WPA2/WPA3, Rogue AP Detection)
  • VPN, Remote Access, and Segmentation Testing
  • Firewall, IDS/IPS Bypass, and Firewall Rule Analysis

Web Application Testing

Comprehensive web security analysis covering OWASP Top 10 and beyond, including business logic flaws.

  • SQL Injection, NoSQL Injection, and ORM Injection
  • Cross-Site Scripting (XSS), CSRF, and Clickjacking
  • Authentication and Session Management Vulnerabilities
  • Authorization Bypass, IDOR, and Access Control Testing
  • Business Logic Flaws and Payment/Financial Flow Testing

API Security Testing

We test your REST, GraphQL, and SOAP APIs in accordance with OWASP API Security Top 10.

  • REST and GraphQL API Endpoint Security Testing
  • OAuth 2.0, JWT, and API Key Management Security Analysis
  • Rate Limiting, Input Validation, and Mass Assignment Testing
  • Inter-Microservice Communication and Service Mesh Security
  • API Gateway Configuration and Data Leakage Testing

Mobile Application Testing

We test your iOS and Android applications according to OWASP MASTG/MASVS standards.

  • iOS and Android Static and Dynamic Analysis
  • Reverse Engineering and Runtime Manipulation Testing
  • Data Storage, Encryption, and Keychain/Keystore Security
  • Certificate Pinning, SSL/TLS, and Network Traffic Analysis
  • Mobile Backend API and Push Notification Security Testing

Cloud Security Testing

We identify configuration errors and security vulnerabilities in your AWS, Azure, and GCP environments.

  • IAM Policy and Authorization Configuration Analysis
  • S3, Blob Storage, and Object Storage Security Testing
  • Container and Kubernetes Security Assessment
  • Serverless Function Security Testing
  • Cloud-Native Application and CI/CD Pipeline Security

SCADA/OT and IoT Testing

We assess security risks in your industrial control systems and IoT devices.

  • SCADA/ICS Protocol Analysis (Modbus, DNP3, OPC UA)
  • PLC and HMI Security Assessment
  • IoT Device Firmware Analysis and Hardware Security
  • OT Network Segmentation and Access Control Testing
  • IT/OT Convergence Point Security Assessment
// 07 — Real World

Real-World Test Scenarios

Examples from common attack chains discovered during our penetration tests.

External → Internal

External to Internal Network Access

Internal network discovery through an SSRF vulnerability in an externally-facing web application, followed by gaining access to the domain controller via an unpatched service.

Potential Impact: Complete takeover of the Active Directory infrastructure
API · IDOR

Data Leakage Through API

Unauthorized access to other users' personal data and financial information through an IDOR vulnerability in the mobile application's backend API.

Potential Impact: Risk of exposing 500,000+ users' personal data
Privilege Escalation

Insider Threat and Privilege Escalation

Starting from a standard user account, compromising service account credentials through a Kerberoasting attack and achieving domain admin privileges.

Potential Impact: Unrestricted access to all corporate data
// 08 — Deliverables

Deliverables

Executive Summary

Management report containing overall risk assessment, critical findings summary, and strategic recommendations for non-technical decision makers.

Technical Detail Report

Comprehensive technical document including detailed descriptions, CVSS v3.1 scores, attack vectors, Proof-of-Concept (PoC) evidence, and screenshots for each vulnerability.

Risk Matrix and Prioritization

Visual risk matrix classifying all findings by criticality, likelihood, and business impact, along with a prioritized action list.

Remediation Guide

Step-by-step remediation instructions, secure configuration examples, and reference code snippets for each vulnerability.

Comparative Re-test Report

Post-remediation validation test results, comparative progress report against previous findings, and closure rates.

Compliance Mapping

Mapping of findings to relevant regulations (BDDK, PCI-DSS, ISO 27001, GDPR) and compliance gap analysis.

Presentation and Briefing

Interactive presentations prepared separately for the board and technical teams, including Q&A sessions.

Attack Surface Map

Comprehensive attack surface diagram showing all discovered assets, open ports, services, and relationships between them.

// 09 — Why Netlore?

Why Netlore Security?

01

Certified Expert Team

Our team consists of experienced security researchers holding OSCP, OSCE, OSWE, GPEN, GWAPT, CEH, and CREST certifications who actively participate in bug bounty programs.

02

Industry Experience

We have experience from hundreds of projects across the finance, energy, telecommunications, healthcare, government, and e-commerce sectors. We understand each sector's unique regulatory and risk profile.

03

Manual Testing Focus

We don't rely solely on automated tools. In every engagement, our expert testers uncover findings that tools miss, from business logic flaws to complex attack chains.

04

Transparent and Detailed Reporting

We apply the most detailed reporting standards in the industry, providing PoC, CVSS scores, business impact analysis, and step-by-step remediation recommendations for each finding.

05

Free Re-test Guarantee

We provide free post-remediation validation testing for all our projects. We stand by you until your findings are closed.

06

Local and Trusted

As a TSE-approved, ISO 27001 and ISO 20000-1 certified organization, your data and test results are protected within Turkey's borders under the highest confidentiality standards.

// 10 — Regulatory Compliance

Regulatory Compliance

BDDK
Mandatory annual penetration testing requirement in the banking sector.
PCI-DSS
Annual penetration testing and ASV scanning obligation for organizations processing card data.
EPDK
Periodic security testing obligation for critical infrastructure in the energy sector.
ISO 27001
Regular security assessment requirement within the information security management system.
GDPR / KVKK
Verification of the adequacy of technical measures for personal data security.
SPK / TSE
Mandatory security testing for capital markets and public institutions.
// 11 — FAQ

Frequently Asked Questions

How long does a penetration test take?
The duration varies depending on test scope, number of target systems, and test type. A standard external network penetration test takes 1-2 weeks, a comprehensive web application test 2-3 weeks, and an internal network and Active Directory security assessment 2-4 weeks. An exact timeline is provided during the scoping meeting.
How often should penetration testing be performed?
Regulatory requirements (BDDK, PCI-DSS, EPDK) mandate penetration testing at least once a year. However, as best practice, testing is also recommended after major system changes, before new application launches, after infrastructure updates, and when a significant security incident occurs. High-risk profile organizations should test 2-4 times per year.
Will our systems be damaged during the penetration test?
No. All tests are conducted in a controlled environment within pre-established Rules of Engagement. Tests that could cause service disruption, such as DoS/DDoS, are performed only with explicit client approval and typically during maintenance windows. Additional protection protocols are applied for critical production systems. In case of an extraordinary situation during testing, immediate intervention is provided.
What is the difference between penetration testing and vulnerability scanning?
Vulnerability scanning is a process that detects known security vulnerabilities using automated tools and typically produces a high rate of false positives. Penetration testing is a comprehensive security assessment where an expert security researcher actually exploits identified vulnerabilities to prove business impact and uncovers logical flaws, configuration issues, and attack chains that vulnerability scans cannot catch.
What is delivered after the penetration test?
After testing: an Executive Summary, detailed technical report, CVSS v3.1 score-prioritized vulnerability list, Proof-of-Concept (PoC) evidence for each finding, risk matrix, step-by-step remediation guide, compliance mapping document, and attack surface map are provided. Free re-test and comparative progress report after remediation are also included.
How are penetration testing prices determined?
Pricing depends on factors such as test scope (number of IPs/URLs), testing approach (Black/White/Grey Box), application complexity, technology stack, compliance requirements, and test duration. A custom scoping meeting is held for each project and a detailed proposal is submitted. We can determine your needs together with a free preliminary assessment consultation.
What happens if a critical vulnerability is found during testing?
Critical and high-risk findings are immediately reported to the client without waiting for the full report. Communication channels and emergency procedures defined during the scoping phase are activated. The finding's detailed description, exploitation scenario, and interim remediation recommendations are shared immediately.
What preparations are needed for a penetration test?
Before testing: IP ranges and URL information of target systems, test environment access credentials (if applicable), network diagrams or architectural documents (for White/Grey Box), written authorization, and emergency contact information should be prepared. All requirements are communicated in detail during the scoping meeting.

Assess Your Security Posture

Measure the true security level of your systems with our certified expert team. Start with a free preliminary assessment consultation.
