BRSA Compliant Penetration Test

2020-03-13T10:52:19+03:00

BRSA (Banking Regulation and Supervision Agency) is an autonomous public institution that regulates and audits the activities of banks, financial institutions and companies. Nearly 200 institutions and organizations, such as domestic banks, representative offices of foreign banks, financing companies and card institutions, are subject to BRSA audit.

What is ISO 27001 Information Security Management System?

The Information Security Management System (ISMS) requirement was established under the BRSA Department of Data and System Management. Organizations subject to independent audit are audited and certified for compliance with the ISO/IEC 27001:2013 standard.

BDDK (BRSA) Compliant Penetration Tests

ISO 27001 certification guarantees:

  • Protection of information against unauthorized access,
  • Confidentiality of information,
  • That information is not shared with unauthorized persons,
  • Integrity of information,
  • That authorized users can access information when needed,
  • Information security training for employees,
  • Reporting of all information security vulnerabilities and suspected weak points to the responsible persons.

BRSA Compliant Pentest Coverage

Because the most critical security attacks are concentrated on the banking and finance sectors, the BRSA has made BRSA compliant penetration testing compulsory in these sectors. Within the required penetration test scope, the following areas are examined and tested:

  • Wireless Network Systems
  • Code Analysis
  • ATM Systems
  • Internal Penetration Test
  • Database Systems
  • Social Engineering
  • Mobile Applications
  • Communication Infrastructure and Active Devices
  • Domain and User Computers
  • DDoS Tests
  • DNS Service
  • Web Applications
  • E-mail Services

The resulting report is then audited by the BRSA.

Frequently Asked Questions About BRSA Compliant Penetration Test

What are the methods and tools used in BRSA Compliant Penetration Testing?

2020-03-13T10:48:25+03:00

In terms of test steps, methods and tools, the BRSA Compliant Penetration Test does not differ from other penetration tests; what differs is the scope of the test and the obligations of both the tester and the institution being tested. For this reason, the methods and tools described in the other Penetration Test articles on our website are examples of the methods and tools used in BRSA Compliant Penetration Tests.

What should be the scope of BRSA Compliant Penetration Testing?

2020-03-13T10:48:09+03:00

As stated in the same communiqué, the minimum penetration test scope should include:

  • Communication Infrastructure and Active Devices
  • DNS Services
  • Domain and User Computers
  • E-mail Services
  • Database Systems
  • Web Applications
  • Mobile Applications
  • Wireless Network Systems
  • ATM Systems
  • Distributed Denial of Service (DDoS) Tests
  • Code Analysis
  • Social Engineering
  • Intranet Security Checkup

Why Should I Have a BRSA Compliant Penetration Test?

2020-03-13T10:47:25+03:00

The banking and finance sector has become the target of the biggest cyber attacks, both in our country and worldwide.
Pursuant to Article 3, subparagraph (d) of the Communiqué on the Principles of Information Systems Management in Banks dated 24.07.2012 and numbered B.02.1.BDK.0.77.00.00 / 010.06.02-1, the banks in our country are obliged to have an independent penetration test performed once a year.