DDoS testi yasal mı? İzin gerekir mi?

Evet, DDoS testleri yalnızca hedef sistemin sahibi veya yetkili yöneticisinin yazılı izniyle yasal olarak gerçekleştirilebilir. Tüm testlerimiz önceden imzalanan sözleşme ve yetkilendirme belgesi kapsamında yapılır. İzinsiz DDoS testi siber suç kapsamında değerlendirilir.

Testler canlı sistemde mi yapılır, kesinti olur mu?

Testler genellikle canlı ortamda kontrollü biçimde yapılır; amaç, gerçek saldırı koşullarında dayanıklılığı ölçmektir. Ancak başlangıç seviyesi düşük tutulur ve kademeli olarak artırılır. İş kritik sistemler için bakım penceresi veya test ortamı tercihi de değerlendirilebilir. Kesinti riski minimize edilir, acil durdurma prosedürü her zaman hazırdır.

Bir DDoS testi ne kadar sürer?

Test kapsamına ve altyapı büyüklüğüne göre değişir. Ortalama bir DDoS test projesi 1-2 haftalık planlama, 1-3 günlük aktif test dönemi ve 1 haftalık analiz/raporlama süresiyle toplam 3-4 hafta alır. Express paketler veya kapsamlı altyapılar için süre farklılaşabilir.

Hangi DDoS saldırı türlerini test ediyorsunuz?

L3/L4 katmanında volumetric (UDP flood, SYN flood, ICMP flood), protokol (SYN-ACK, fragmentation) ve L7 katmanında HTTP flood, Slowloris, slow POST gibi uygulama katmanı saldırılarını simüle ediyoruz. Test kapsamı, altyapınızın mimarisine göre özelleştirilebilir.

Test sonrası destek sunuyor musunuz?

Evet. Rapor tesliminin ardından teknik ekibinizle birlikte rapor sunumu yapıyoruz. 30 gün boyunca raporla ilgili sorularınızı yanıtlıyor ve iyileştirme sürecinde danışmanlık desteği veriyoruz. İsteğe bağlı olarak retest (yeniden test) hizmeti de sunabiliyoruz.

Professional DDoS Security Testing

Professional DDoS Security Testing Services

We test your infrastructure's resilience against DDoS attacks with controlled simulations, identifying and reporting security weaknesses.

Request a Free Preliminary Assessment

What Is a DDoS Testing Service?

Controlled Simulation

We measure your infrastructure's resilience by simulating real DDoS attack scenarios in a safe environment. All tests are planned in advance and performed with authorisation.

Multi-Layer Testing

We uncover all weaknesses with a broad test spectrum covering L3/L4 (volumetric) and L7 (application layer) attack types.

Detailed Reporting

We present test results in action-oriented reports, strengthening your security posture with prioritisation and remediation recommendations.

Who Is It For?

Our DDoS testing service is designed for organisations with critical infrastructure that prioritise uninterrupted service continuity.

E-Commerce Platforms

Online stores requiring high traffic and uninterrupted sales flow

Financial Institutions

Banks, payment systems and financial service providers

SaaS/Cloud Providers

Cloud infrastructure companies delivering uninterrupted service to their customers

Public Institutions

Government bodies providing critical infrastructure and citizen services

How Does the Test Process Work?

Preliminary Assessment

We analyse your current infrastructure and define the test scope and goals together. We complete the legal authorisation and contract process.

Test Planning

We prepare the attack scenarios (volumetric, protocol, application layer) and plan the test time windows and emergency procedures.

Controlled Simulation

We execute staged DDoS scenarios under real-time monitoring. We adjust the test intensity with instant feedback.

Analysis and Reporting

We analyse the collected data, prioritise the weaknesses and deliver a detailed report with actionable security recommendations.

What Do You Receive at the End of the Test?

Following the comprehensive test process, we provide all the data you need to strengthen your infrastructure.

📊 Technical Test Report

All attack scenarios executed and their results
Identified weaknesses and security vulnerabilities
Bandwidth, latency and resource consumption metrics
WAF/IPS/DDoS protection systems performance analysis

🎯 Prioritisation Matrix

Findings ranked by criticality level
Risk scoring (CVSS-like methodology)
Urgent / medium / long-term actions
Business impact and remediation cost estimates

🛠️ Remediation Recommendations

Mitigation strategies (rate limiting, filtering, etc.)
Architectural change and layered protection recommendations
CDN, scrubbing centre and anycast configuration advice
Monitoring and alerting system improvements

📞 Presentation and Support

Report presentation with executive and technical teams
Free follow-up meeting after 30 days
Consultancy during the remediation implementation process
Retest option (optional, discounted)

Frequently Asked Questions

Is DDoS testing legal? Is permission required?

Yes, DDoS tests can only be performed legally with the written permission of the owner or authorised administrator of the target system. All our tests are carried out under a pre-signed contract and authorisation document. Unauthorised DDoS testing is treated as a cybercrime.

Are tests performed on live systems? Will there be downtime?

Tests are usually performed on the live environment in a controlled manner; the aim is to measure resilience under real attack conditions. However, the initial intensity is kept low and increased gradually. For business-critical systems, a maintenance window or a test environment can also be considered. Downtime risk is minimised, and an emergency stop procedure is always in place.

How long does a DDoS test take?

It depends on the test scope and the size of the infrastructure. An average DDoS test project takes 3-4 weeks in total: 1-2 weeks of planning, 1-3 days of active testing and 1 week of analysis/reporting. The duration may differ for express packages or extensive infrastructures.

Which DDoS attack types do you test?

We simulate volumetric attacks at L3/L4 (UDP flood, SYN flood, ICMP flood), protocol attacks (SYN-ACK, fragmentation) and application-layer attacks at L7 such as HTTP flood, Slowloris and slow POST. The test scope can be customised to your infrastructure architecture.

Do you provide post-test support?

Yes. After the report is delivered, we present it together with your technical team. For 30 days we answer your questions about the report and provide consultancy support during the remediation process. An optional retest service is also available.

Test Your Infrastructure Before a Real Attack Does

Contact us for a free preliminary assessment meeting. We evaluate your current security posture and propose a test plan tailored to you.

📧 Get a Quote by E-mail 📞 Call Now

All tests are performed under an NDA (non-disclosure agreement). Your data is never shared with third parties.