Your company’s capital is embedded in information and workflows
Your company’s capital lies in its information and information-processing workflows. Their smooth running must be guaranteed at all times. You want to prevent the theft and manipulation of data and transactions at the application, operating system and network level. It is therefore clear to you that providing the functionality of your system is not enough. Special attention should also be paid to protecting your systems against manipulation and to their operational security.
Security breaches? Overload? Credible precaution?
Security already played a special role in the specification and implementation of your systems. For the acceptance and operation of your system, you need an independent assessment confirming that your precautions have led to a reliable result. Hackers and industrial spies should not get a chance. Are there still security gaps despite all precautions? Is it possible to bring your system to its knees through targeted overload? Do you have to prove the results of your precautionary measures to third parties? Only a penetration test can provide answers to these questions.
Analysis, documentation and recommendations
The SRC experts use the available information to identify potential security gaps and verify them in practice. The knowledge gained is documented and analysed. Finally, you gain the opportunity to optimize your system security with concrete recommendations.
Security throughout the entire life cycle of your IT systems
The actual goal of SRC’s penetration tests is not to detect vulnerabilities. It is more important to us to anchor security throughout the life cycle of your systems. Based on experience from countless penetration tests, we can say that system security is of decisive importance as early as the design stage for a project's success in terms of time and cost. As a fundamental component of your agile implementation, security guarantees the trust of management and users.
With technical and organisational recommendations for action, the SRC experts give you the tools to ensure that security is taken into account in every step of system development and maintenance.
Contact
Devrim Celik
SRC Security Research & Consulting GmbH
PSD2
The second EU Payment Services Directive requires banks to implement an interface for authenticated account access. With the permission of the account holder, so-called third party providers (TPPs) are to be allowed to access account information. The implementations are subject to supervision and review by the European Banking Authority (EBA) and its national authorities.
The draft “EBA Guidelines on the security measures for operational and security risks under PSD2” are more detailed. They require financial institutions to comprehensively review their information security. The aim is to effectively identify potential vulnerabilities in their ICT systems.
Security played a special role in both the specification and implementation of the XS2A interface. For the acceptance and secure operation of your system, you need an independent assessment. Here, it must be proven at certification level that your precautions have led to a reliable result. Hackers and white-collar criminals should not be given a chance. Are there still security gaps despite all precautions? Is it possible to bring your system to its knees by deliberately overloading it? Do you have to make the result of your precautionary measures credible to the banking supervisory authority? Only a penetration test can provide answers to these questions.