
SCADA System Penetration Tests

A SCADA system, together with Distributed Control Systems (DCS), collects continuous, real-time field data from devices such as I/O systems and smart sensors. It covers the automatic control, monitoring and reporting of results for all units, from the control of individual equipment to production planning and from environmental control units to auxiliary plants, and provides information to the operator when required. It is a remote monitoring system that gives early warning. The functions of SCADA systems are monitoring, control, data collection and recording of data.


SCADA system cyber security testing covers the following areas:

  • Segmentation Analysis
  • Visibility Analysis
  • Authentication Infrastructure Analysis
  • Patch Analysis
  • Remote Access Analysis
  • Anti-Malware Analysis
  • Cyber Incident Monitoring / Response Analysis and Penetration Tests



Segmentation Analysis

Dividing the existing network into subnets, and monitoring and controlling the communication between them, ensures that a cyber attack can be contained more easily and that its effects are reduced. If a host in one segment is compromised, the attack surface available for pivoting from that host is reduced. Common attack vectors such as LLMNR and NetBIOS poisoning can be partially mitigated by proper network segmentation, because they only operate on the local network. In the segmentation test, field inspections are carried out, penetration tests are performed using passive or active analysis of the existing network topology, and the segmentation details and possible security risks are reported.
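The passive analysis described above can be partly automated: a zone map and an allow-list of zone-to-zone flows are compared against observed connection records, and every flow that crosses a boundary the policy does not permit becomes a finding for the report. The script below is an added example and not code from the original page or the service provider; every subnet, zone name, port and sample record in it is constructed for illustration, and the simplified Purdue-style zones (corporate, DMZ, control, field) are an assumption about the target environment.

```python
"""Added example, not part of the original page: a passive segmentation check.
A zone map (subnet -> zone) and an allow-list of zone-to-zone flows are compared
against connection records of the kind a network tap or firewall export would
give. Every subnet, zone, port and sample record below is constructed for
illustration; the zone names follow a simplified Purdue model (an assumption)."""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed zone map: which subnet belongs to which zone.
ZONES = {
    ipaddress.ip_network("10.10.0.0/24"): "corporate",
    ipaddress.ip_network("10.20.0.0/24"): "dmz",
    ipaddress.ip_network("10.30.0.0/24"): "control",  # HMIs, engineering workstations
    ipaddress.ip_network("10.40.0.0/24"): "field",    # PLCs / RTUs
}

# Constructed policy: (src_zone, dst_zone) -> allowed destination ports.
# None means any port (traffic inside one zone); an absent pair is denied.
POLICY = {
    ("corporate", "dmz"): {443},
    ("dmz", "control"): {443},
    ("control", "field"): {502, 20000},  # Modbus/TCP, DNP3
    ("corporate", "corporate"): None,
    ("dmz", "dmz"): None,
    ("control", "control"): None,
    ("field", "field"): None,
}

# Link-local name resolution that LLMNR/NetBIOS poisoning abuses; segmentation
# confines it to one segment, and seeing it at all is worth noting in the report.
BROADCAST_NAME_PORTS = {137: "NetBIOS-NS", 5355: "LLMNR"}


def zone_of(addr):
    """Return the zone an address belongs to, or None if it is not in the map."""
    ip = ipaddress.ip_address(addr)
    for net, zone in ZONES.items():
        if ip in net:
            return zone
    return None


def parse_flows(text):
    """Parse constructed 'src dst dport proto' records; '#' starts a comment."""
    flows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto.lower()))
    return flows


def check_flow(flow):
    """Return (severity, message) for a flow that needs attention, else None."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    label = f"{flow.src}->{flow.dst}:{flow.dport}/{flow.proto}"
    if s is None or d is None:
        return ("inventory", f"{label} involves a host outside the zone map")
    if (s, d) not in POLICY:
        return ("violation", f"{label} crosses {s}->{d}, which the policy does not allow")
    allowed = POLICY[(s, d)]
    if allowed is not None and flow.dport not in allowed:
        return ("violation", f"{label} uses a port not allowed for {s}->{d}")
    if flow.proto == "udp" and flow.dport in BROADCAST_NAME_PORTS:
        return ("info", f"{label}: {BROADCAST_NAME_PORTS[flow.dport]} in use inside {s}")
    return None


def audit(flows):
    """Run check_flow over all records and keep only the findings."""
    return [r for r in map(check_flow, flows) if r is not None]


# Constructed sample records (not captured traffic).
SAMPLE_FLOWS = """\
10.10.0.15  10.20.0.5   443   tcp   # corporate -> dmz web portal (allowed)
10.30.0.7   10.40.0.21  502   tcp   # HMI -> PLC Modbus/TCP (allowed)
10.10.0.15  10.40.0.21  502   tcp   # office host talking straight to a PLC
10.20.0.5   10.30.0.7   3389  tcp   # RDP from dmz into the control zone
10.30.0.7   10.30.0.9   5355  udp   # LLMNR query inside the control zone
192.168.1.4 10.40.0.21  502   tcp   # unmapped source reaching a PLC
"""

if __name__ == "__main__":
    for severity, msg in audit(parse_flows(SAMPLE_FLOWS)):
        print(f"[{severity}] {msg}")
```

On the sample records the script reports two policy violations (an office host reaching a PLC, and RDP from the DMZ into the control zone), one informational finding for LLMNR inside the control zone, and one inventory gap for a source address that is not in the zone map. In a real engagement the zone map would come from the field inspection and the records from a tap or firewall export, and an "inventory" finding usually means an undocumented device rather than a policy break.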

Visibility Analysis

The logs of the control systems are monitored, and the visibility analysis is reported together with the data obtained from field testing.

Authentication Infrastructure Analysis

In this stage the authentication methods in use are analyzed for security, the accessibility of privileged accounts in the event of a cyber attack is checked, and the findings are reported.

Patch Analysis

In patch analysis, the update and patch management of the operating system and applications is checked, and the findings are reported.

Remote Access Analysis

It covers determining the reliability of the remote access methods and the conditions under which access is granted, and detecting and reporting the possible security vulnerabilities found.

Anti-Malware Analysis

It is checked whether a solution is in place to prevent the execution of malicious software, and the findings are reported.

Cyber Incident Monitoring and Response Analysis

Cyber incident policies and procedures should specify who will respond, and how, in the event of a cyber attack. It is reported whether events are recorded in a log system and whether a response plan for a cyber attack exists.

Penetration Tests

Penetration testing is the process in which cyber security experts simulate cyber attacks against a company's network infrastructure, hardware, software and applications in order to identify possible vulnerabilities, report the test results and allow precautions to be taken. Penetration tests fall into three groups: Whitebox Penetration Test, Blackbox Penetration Test and Greybox Penetration Test.

  • Whitebox Penetration Test

In this method, the tester is given information about the entire system by authorized persons, and the damage that people who have previously worked or are currently working in the company could cause to the system is simulated. It is the type of penetration test with the least risk of damaging the system.

  • Blackbox Penetration Test

In this method, the tester simulates an attack as an outside attacker with no prior knowledge of the system.

  • Greybox Penetration Test

In this method, the tester simulates the damage that an unauthorized user on the internal network could cause.

Stages of Penetration Testing

  • Planning

This is the stage where the scope and objectives of the penetration test are determined: the type of test, the date and time at which it will be performed, and the people who will perform it.

  • Data collection

This is the active or passive collection of information about the system to be tested. Active information collection communicates directly with the target system; passive information collection gathers information over the internet without communicating with the target system.

  • Scanning and Discovery

This is done to understand how the target system will react to attack attempts. It is divided into static analysis and dynamic analysis: static analysis predicts the behavior of the application by examining its code, while dynamic analysis inspects the code while it is running.

  • Gaining Access

This is the stage where access to the system is gained by using the vulnerabilities detected during scanning and discovery.

  • Ensuring Access Continuity

This is the stage in which privileges are escalated after the system has been infiltrated and the access is made persistent.

  • Analysis & Reporting

This is the stage where all actions taken, the vulnerabilities detected and the sensitive data that could be accessed are analyzed and presented to the company.

Penetration Test Types

  • External Network Penetration Test
  • Local Network Penetration Test
  • Web Application Penetration Testing
  • Wireless Network Penetration Testing
  • Mobile Application Penetration Testing
  • Social Engineering
  • DDoS Tests


Frequently Asked Questions About SCADA Penetration Testing

Why Should I Perform SCADA Penetration Testing?

SCADA systems have moved from closed networks to open source solutions and to TCP/IP enabled networks. This has introduced security vulnerabilities. Not only can data be damaged; production can also be disrupted by taking control of the facilities, which causes physical damage and risk. Live systems are tested to manage and mitigate this risk effectively. Existing damage to your system is detected, or the areas where damage is foreseeable are identified. With the tests conducted by our experts, we offer you the opportunity to understand your security measures and vulnerabilities better and to prepare for future attacks before it is too late. We offer a professionally prepared plan to improve your security measures and prevent the dangers and costly damage of real security breaches.

Where is SCADA System Used?

A SCADA system is a common industrial process automation system used to collect data from devices and sensors located at remote sites and to transmit that data to a central site for monitoring or control. SCADA is used in power generation facilities (nuclear, hydroelectric), power lines, flow measurement equipment in pipelines, natural gas production and processing facilities, and many factory systems.

What are the tools used in SCADA Penetration Testing?

Below are some examples of tools used in SCADA penetration testing:

  • Nessus
  • Network Security Toolkit
  • SamuraiSTFU
  • Security Onion
  • Metasploit
  • PuTTY
  • Netcat / CryptCat
  • winAUTOPWN
  • Cain & Abel
  • Nmap scripts (NSE)
  • smod
  • plcscan
  • Wireshark