For Civil Aviation Operators
Penetration Tests
SHT-Cyber Management System Standard framework, we test the IT/OT assets of civil aviation operators with real attack scenarios, technically verifying the risks, and provide usable in SHGM audits reports, a CAPA plan and a re-test service.
The SHT-Cyber Management System – What Is It?
SHT-Cyber (Civil Aviation Cybersecurity Management System Standard) is a regulation published by the Directorate General of Civil Aviation (SHGM) to enable operators in the civil aviation sector to manage their cybersecurity risks. It is a regulation. Covering critical infrastructure such as airports, airlines, navigation service providers and ground handling, this standard requires operators to secure their IT (Information Technology) and OT (Operational Technology) assets.
Who Is This Service For?
Airline Operators
Reservation, check-in, flight planning systems
Airport Operators
Terminal management, security, baggage tracking systems
Navigation Service Providers
Air traffic control, radar, communication systems
Ground Handling & Maintenance Organisations
Operations management with critical systems
Terminal Operators
Passenger handling, cargo management systems
Supplier/Integrator Companies
Critical software/hardware providers in the aviation ecosystem
Penetration Test Scope
Our SHT-Cyber compliant penetration tests cover all your technical assets, starting from your externally exposed attack surface through to internal network security, critical applications and OT/IoT components.
Test Areas
External Network Tests
Attack surface scanning and vulnerability exploitation tests on internet-facing servers, web applications, VPN, e-mail servers and DNS services.
Internal Network Tests
Active Directory, domain policies, internal servers, segmentation checks, privilege escalation and lateral movement scenarios.
Web Applications
OWASP Top 10 security vulnerabilities, SQL Injection, XSS, authentication and authorisation flaws, business logic tests, API security.
Mobile Applications
Local data storage, encryption, API communication, application permissions and code security tests in iOS/Android applications.
Wireless Networks (WiFi)
WLAN encryption security, guest network isolation, rogue access point detection, WPA2/WPA3 configuration assessment.
Social Engineering
Phishing e-mail campaigns, security awareness tests, physical security assessment (on request).
Database Security
Database authorisation checks, encryption status, backup security, SQL injection protections, sensitive data access tests.
OT/IoT Systems
Security assessment of operational technology components such as baggage tracking, CCTV, access control, SCADA and BMS (Building Management System).
Cloud Infrastructures
AWS, Azure, Google Cloud configuration reviews, IAM policies, storage security, container security tests (if any).
Test Process & Methodology
Our penetration testing process progresses in a professional and transparent structure, from the planning stage to the final re-test report. At every stage we work in coordination with your operation, applying a methodology that does not disrupt operations but reveals the real risks.
The scope is clarified with your asset inventory, critical systems, test window and target list. A Test Instruction (ToR) is prepared.
Passive/active scanning of target systems; open ports, services, technologies and potential attack vectors are identified.
Identified vulnerabilities are verified manually; their impact on the systems is measured with real attack scenarios (exploits).
Findings are classified by risk level; an executive summary + technical detail + business impact + remediation recommendations are prepared.
Methodologies We Use
OWASP Testing Guide
Industry-standard methodology for web application and API security testing
OSSTMM (Open Source Security Testing)
A comprehensive security testing methodology; network, physical and human factor
PTES (Penetration Testing Execution Standard)
Standardised execution of penetration testing processes
Deliverables & Outputs
Main Penetration Test Report
Executive summary, findings (technical evidence + screenshots), risk rating, business impact analysis and remediation recommendations
Corrective/Preventive Action (CAPA) Plan
An action plan for each finding, including the responsible person, due date, expected evidence and tracking fields
Re-test Report
Technical verification of remediations; the status of closed/remaining findings and the final risk level
Annexes & Supporting Documents
Scope list, test schedule, tools used, CVE references, methodology summary
Why Nesil Teknoloji?
SHT-Cyber Audit Experience
A practical, solution-oriented approach that knows SHGM audit expectations in the aviation sector
Certified Expert Team
Cybersecurity experts certified with OSCP, CEH, GPEN, CISSP
Operational Sensitivity
Test planning coordinated with maintenance windows that does not disrupt 24/7 operations
Confidentiality & Security
All test data is stored in an encrypted environment and securely destroyed at the end of the project
Follow-up & Support
3 months of Q&A support after the re-test; additional consultancy before the audit
Transparent Pricing
A clear budget based on scope; no hidden costs, flexible payment plans
Frequently Asked Questions
Is a penetration test mandatory under SHT-Cyber?
Although the SHT-Cyber standard does not contain a direct provision such as "perform a pentest X times a year", technical verification of risks in audit practice is invariably required. SHGM auditors expect a concrete answer to the question "How did you verify these risks?". The strongest and most accepted answer to this question is to present a professional penetration test report. For this reason, a penetration test effectively becomes mandatory, especially for Group 1 and Group 2 operators with critical systems.
Is there a downtime risk in the production environment during the test?
Our tests are planned on the principle of "not affecting operations". On critical systems a maintenance window is always used; DoS (denial of service) and load tests are never applied without written approval. Thanks to our experience in 24/7 aviation operations, we run a risk-free test process. A rollback plan is prepared before all tests.
Can the report be used directly in an SHGM audit?
Yes. Our reports are prepared in a format that can be presented to SHGM auditors. Their content includes: executive summary (for senior management), technical findings (screenshots and step-by-step evidence), risk rating (critical/high/medium/low), business impact analysis and remediation steps. Together with the re-test report, "findings closed" evidence is also provided.
Are OT systems (SCADA, BMS, CCTV) tested?
If OT/IoT components are in your asset inventory and scope approval has been given, yes, they are tested. However, on systems with high operational risk (for example baggage tracking, air traffic control) safe verification methods are preferred. If necessary, only configuration reviews or limited tests are performed; interventions that would stop operations are strictly avoided.
How long does the test take?
The duration varies by scope. For a typical small-to-medium operation it may be 2-3 weeks; for a large-scale airport or airline it may be 4-6 weeks. The process is planned as: Reconnaissance (2-5 days) → Active testing (5-15 days) → Reporting (3-5 days) → Re-test (2-3 days). At the first meeting a test schedule tailored to you is presented.
Which certificates do you hold?
Our team holds international certificates such as OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), GPEN (GIAC Penetration Tester), CISSP and CISA . We are also a firm accredited in Türkiye with the TSE Approved Penetration Testing Company (TSE-STF-065) certificate.
Do you provide post-test remediation support?
Yes. We provide Q&A support for 3 months after the re-test. We answer your technical questions about the findings and verify your remediation steps. We also evaluate your requests for additional consultancy before the SHGM audit. Optionally, we also offer a service to perform the remediations on your behalf.
How is the cost determined?
The cost is determined by the test scope (external network, internal network, number of web/mobile applications, OT systems), operation size and test duration. After the first meeting we provide you with a scope document (ToR) and a clear quote. There are no hidden costs; flexible payment plans are available.
Start Your SHGM Audit Preparation Now
Let's define the test scope (ToR), the test window and the deliverables together. Let's prepare an output package that gives a clear answer to the "how did you technically verify the risks?" question that will be asked in the audit.