Your business capital is in information and workflows
Your company's capital lies in its information and in the processes that handle that information. Their smooth operation must be ensured at all times. You want to prevent theft and manipulation of data and transactions at the application, operating system, and network levels. You therefore realize that it is not enough for your system simply to provide its function. Protection against manipulation and the operational security of your systems also deserve special attention.
Security gaps? Overload? Credible precautions?
Security already played a special role in the specification and implementation of your systems. During the acceptance and operation of your system, you need an independent assessment confirming that your foresight and care have led to a reliable result. Hackers and industrial spies should not get a chance. Are there still security gaps despite all precautions? Is it possible to bring your system to its knees by selectively overloading it? Do you have to prove the result of your precautionary measures to third parties? Only a penetration test can provide answers to these questions.
Analysis, documentation and recommendations
SRC experts use the available information to identify potential security vulnerabilities and verify them in practice. The findings are documented and analyzed. Ultimately, the resulting specific recommendations enable you to optimize your system security.
Security throughout the lifecycle of your IT systems
The actual goal of SRC’s penetration testing is not to detect security vulnerabilities. We are more concerned with anchoring the security of your systems in their lifecycle. Drawing on the experience of countless penetration tests, we can say that system security is already of decisive importance at the design stage for the success of the project in terms of time and cost. As a fundamental component of your agile implementation, security ensures management and user confidence.
PSD2
The EU’s second Payment Services Directive requires banks to implement an interface for authenticated account access. With the permission of the account holder, so-called third-party providers (TPPs) are to be allowed to access the account information. The implementations are subject to supervision and audit by the European Banking Authority (EBA) and its national authorities.
The drafts of the “EBA Guidelines on the security measures for operational and security risks under PSD2” are more detailed. They urge financial institutions to comprehensively review their information security. The aim is to effectively identify potential vulnerabilities in their ICT systems.
Security played a special role in both the specification and the implementation of the XS2A interface. You need an independent assessment for the acceptance and safe operation of your system. Here, it must be proven at the certification level that your foresight and diligence have led to a reliable result. Hackers and white-collar criminals should not get a chance. Are there still security gaps despite all precautions? Is it possible to bring your system to its knees by selectively overloading it? Do you need to make the result of your precautionary measures credible to the banking supervisory authority? Only a penetration test can provide answers to these questions.