Certification · TS 13638

Standards-compliant penetration testing with a TS 13638-certified team

Our TS 13638-T2 certification independently assures personnel competence, methodology, confidentiality and reporting requirements.

TS 13638-T2 · Certified team · Independent methodology · Confidentiality assured

Standard and Basis

Certification framework

Standard: TS 13638-T2 (Personnel & firm requirements)
Certificate holder: Netlore (Certified firm)
Scope: Methodology + Confidentiality (Competence & reporting)
Recognition: BDDK · EPDK · TCMB (Regulatory preference)

01 — Overview

What Is TSE 13638 Penetration Testing?

The TS 13638-T2 standard, "Information Technology – Security Techniques – Requirements for Personnel and Firms Performing Penetration Testing," defines the competence, methodology, confidentiality and reporting requirements for the firm and personnel providing penetration-testing services. Certification is issued by the Turkish Standards Institution (TSE).

Netlore Security is a penetration-testing firm certified by the TSE and conducts its tests in line with the TS 13638 methodology and reporting format, helping you meet the "certified firm" expectation of regulations such as BDDK, EPDK, TCMB and KVKK.

02 — In Scope

Who Requires a TSE 13638-Certified Firm?

Many regulations and processes expect penetration testing to be procured from a certified firm:
Banks and financial institutions (BDDK)
Energy and critical-infrastructure operators (EPDK)
Payment and electronic-money institutions (TCMB)
Public institutions and critical infrastructure
Entities with data-security obligations under KVKK
Organizations in ISO 27001 and Trust Seal processes

The expected certification level and scope may vary by regulation; refer to the relevant regulator's guidance for current requirements.

03 — Technical Scope

Our TS 13638-Aligned Testing Approach

Following the TS 13638 methodology, we run tests covering the network, application, identity and cloud layers.

Standard Methodology

A structured testing methodology aligned with TS 13638, covering reconnaissance, vulnerability discovery, controlled exploitation and verification.

Certified Personnel

Tests are carried out by certified penetration testers holding the competencies defined by the standard.

Confidentiality and Data Security

Test data and findings are handled and stored in line with the standard's confidentiality requirements.

Standard Reporting

Findings are reported in TS 13638 format with an executive summary, technical detail and risk ratings.

Scope and Authorization

Test scope, targets and authorization are clarified in writing, and boundaries are kept well-defined.

Traceability and Documentation

All test steps are documented in a traceable manner, providing records for re-testing and audit.

04 — Methodology

Testing Process

Our TS 13638-aligned penetration-testing process spans from scoping to re-testing.

1. Scoping and Authorization

Target systems, test type (external/internal, application) and rules of engagement are defined in writing.

2. Reconnaissance and Vulnerability Discovery

Vulnerabilities are identified through asset discovery, automated scanning and manual analysis.

3. Exploitation and Verification

Identified vulnerabilities are exploited in a controlled manner to verify real-world impact.

4. Reporting

Findings are reported in TS 13638 format with risk ratings and remediation recommendations.

5. Re-testing

A closing verification (re-test) is performed for remediated vulnerabilities.

05 — Deliverables

Deliverables of a certified process

You receive an independent, auditable test file with the content that the standards call for.

Detailed technical penetration-test report in TS 13638 format
Executive summary and risk-rating matrix
Prioritized remediation recommendations
Re-test verification report
06 — FAQ

Your questions

What is TSE 13638?
TS 13638-T2 is the TSE standard that defines the competence, methodology, confidentiality and reporting requirements for personnel and firms performing penetration testing. Penetration-testing providers are certified by the TSE under this standard.
Is Netlore TSE 13638-certified?
Yes. Netlore Security is a penetration-testing firm certified by the TSE and conducts its tests in line with the TS 13638 methodology.
Which regulations require a TSE 13638-certified firm?
Regulations such as BDDK, EPDK and TCMB, along with many public-sector and critical-infrastructure processes, require or encourage penetration testing to be performed by certified, competent firms.
Who should perform the penetration test?
The test should be performed by certified personnel holding the competencies defined by the standard, within an independent and certified firm.
What does the test cover?
External and internal network penetration testing, web/mobile application and API security, authentication and authorization controls, and configuration weaknesses are typically in scope.
How often should penetration testing be performed?
Good practice is at least once a year; relevant regulations may require more frequent testing or testing after significant changes.
What is delivered after the test?
A technical report in TS 13638 format, an executive summary, risk ratings, prioritized remediation recommendations and a re-test verification are delivered.
Contact

Penetration Testing with Our TSE 13638-Certified Team

Have the independent penetration test required by regulators performed by our TSE 13638-certified team.
