DORA Penetration Testing

Security testing for EU Digital Operational Resilience Act

3-4 weeks | Starting at $15,000

Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

The Digital Operational Resilience Act (DORA) requires financial entities in the EU to maintain robust ICT risk management and undergo threat-led penetration testing (TLPT). Our DORA penetration testing validates your digital operational resilience and satisfies Article 26 TLPT requirements.

Our Process

What We Test & How

What We Test

We assess your ICT systems, platforms, and infrastructure supporting critical financial functions. Testing covers live production systems that support critical or important functions, including payment systems, trading platforms, customer-facing portals, and third-party ICT service provider integrations.

Our Approach

Our DORA TLPT methodology follows the TIBER-EU framework as required by Article 26. We conduct threat intelligence-led red team testing against your critical functions, assess ICT third-party risk, validate incident reporting capabilities, and evaluate your digital operational resilience framework. Testing is coordinated with relevant financial supervisory authorities.

Deliverables

What You'll Receive

Everything included in your engagement report.

DORA-compliant TLPT report

TIBER-EU aligned assessment results

ICT risk management validation

Critical function resilience assessment

Third-party ICT risk evaluation

Incident reporting capability assessment

Digital operational resilience gap analysis

Retest validation report

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1. Critical function identification and scoping

2. Threat intelligence gathering and scenario development

3. Red team testing of live production systems

4. ICT risk management control validation

5. Third-party ICT concentration risk assessment

6. Incident classification and reporting testing

7. Business continuity and recovery testing

8. DORA evidence documentation and supervisory coordination

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

Insufficient ICT Third-Party Risk Management
Weak Incident Detection and Classification
Missing Recovery Time Objectives for Critical Functions
Inadequate ICT Change Management Controls
Insufficient Access Controls on Critical Systems
Missing ICT Concentration Risk Assessment
Incomplete Incident Reporting Procedures
Gaps in Digital Operational Resilience Testing

Who It's For

Ideal For

Banks and Credit Institutions
Investment Firms and Funds
Insurance and Reinsurance Companies
Payment Service Providers
Crypto-Asset Service Providers
Critical ICT Third-Party Service Providers

Compliance

Standards We Support

DORA (EU 2022/2554)
TIBER-EU
EBA Guidelines
EIOPA Guidelines

Ready to Get Started?

$15,000

Typical engagement: 3-4 weeks

Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation
