The testing platform holds the tools and services that will help organisations to perform basic tests on their most commonly exposed infrastructures, starting with email and web servers. More tools will be added through time to increase the coverage of available tests.
Why such a platform?
When implementing a security strategy, one of the core issues is to identify priorities. Budgets are not infinite. Choices have to be made. A fair amount of guidance can be drawn from the traditional risk assessment exercises, but this often leads to abstract decision-making. In particular, how to identify security issues that require immediate investment. The goal of the NC3 Testing Platform is to make it possible to uncover actual security issues in a practical way. It does not intend to be comprehensive, but aim at helping to reduce the surface of exposure by identifying commonly exploited issues.
What is the NC3 Testing Platform?
It’s a set of tools that allow any organisation to start testing its systems in order to identify known weaknesses or vulnerabilities. Some of these tools will require working with security companies of the Luxembourg Cybersecurity Ecosystem and who agreed to partner with the NC3. Other tools are semi-automated and operated directly by the NC3. - The first set of tools is a semi-automated platform that will allow organisations based in Luxembourg to perform easily basic scans of critical parts of their infrastructure. While the manual ones are for free, there are possibilities to get more automated and broadened assessments as paid-for services. - The second set of tools is dedicated to specialized tests, focused on specific categories of systems. The first domain covered is IoT testing, given the high level of exposure that they generate. More tests will be added. - The last set of tools is the NC3 Testing Protocols. These are standard test protocols that will allow organisations to benefit from targeted manual testing conducted by security companies, in a foreseeable time and budget frame. This should permit engaging in a process that will ultimately lead to full-scale penetration testing, but in a way that does take into account budget and resources (time and employees) constraints. It is particularly targeted at SMBs and self-employed individuals. They are currently under development and will soon be available.
Who can benefit from the Testing Platform?
You have to be an organisation based in Luxembourg in order to access the Testing Platform. If you wish to register, you can follow this link. You'll fill a simple form and then be able to chose which services you want to benefit from. Unless you register for a Pro or Business membership through your profile page, some services won't be accessible.