Vulnerability testing

Since September 2015, the National Cyber Security Center of the Special Service for National Security (NCSC) has been providing vulnerability assessment services according to the 271/2018 Government Regulation for those information systems which belong to state or municipal bodies and covered by the Information Security Act, as well as are entitled national security protection.

Vulnerability assessment – also known as ethical hacking – aims to reveal weaknesses of IT systems (e.g. potential software bugs, weak passwords, incorrect configuration, etc.), in order to give a comprehensive picture about the current security status of the tested systems, or its components. All of it could serve as initial information to manage risks, as well as to handle incidents.

Malicious attackers can cause significant damages by exploiting vulnerabilities, therefore the NCSC always makes recommendations how to fix the identified vulnerabilities in its report about assessment results. By taking necessary measures, there is a high probability of preventing the loss, or theft of confidential, and essential data, as well as unauthorized access to them.


The vulnerability assessment service conducted by NCSC is free of charge. Vulnerability assessment of the above mentioned organizations can only be carried out by NCSC.


Different types of vulnerability assessment:

  • External testing (30 days)
  • Internal testing (90 day)
  • Web application testing (75 days)
  • Wireless network testing (30 days)
  • Psychological manipulation (90 days)