Skip to Content
Back to services

Vulnerability Scanning and Penetration Testing for software-based products

Virtual
Pricing/Discount Options: Call #2
Unique Identifier: 593ef561-79c6-4cea-9fa0-ca7c0681660f

Service Description

To enhance the security of software-based products, ensure compliance, and mitigate risks, CETIC offers expertise in scanning your system with automated tools to identify known vulnerabilities and potential weak points that attackers could exploit. This method involves the use of specialized software to identify security flaws, such as obsolete software versions, incorrect configurations or unsecured open ports. Once these vulnerabilities have been identified, an action plan can be drawn up, including security measures to reduce the risks. We use industry standards such as OWASP Top 10 to configure the scanning process.

How can the service help you? We will provide complete scan reports as well as recommendations to lower the residual risk level and attack surface of your system. Together with a risk analysis, they can be used as a complete set of evidences towards authorities and customers.

How the service will be delivered? Our team will carry out comprehensive vulnerability analysis for your software product, and help you define the most appropriate action plan, taking into account your specific requirements and context. We scan your system using automated tools to detect known vulnerabilities or weak points that could be exploited by attackers. This method involves the use of specialized software to identify security flaws, such as obsolete software versions, incorrect configurations or unsecured open ports. Once these vulnerabilities have been identified, we define with you actionable recommendations including security measures to reduce the risks. Optionally, we can complement with an analysis of the source code by a tool that will scan the whole codebase searching for security violations. This will further improve the cyber-resilience of your product. Optionally, we can perform the security risk analysis of your product.

Service deployment: The service is usually deployed by simply having remote access to your product, so as to execute the vulnerability scanning. For the optional source code analysis, we need access to the code base.

Resources provided to client: Cybersecurity tests report Recommendations

Method reference: OWASP Top 10

Offerings: Software (Cybersecurity and privacy-protecting enhancements, development, maintenance, deployment, administration, etc.)
Provider Logo

Provider & Contact

Provider Organisation Centre D'Excellence En Technologies De L'Information Et De La Communication (CETIC)
Provider Country Belgium
Published Email tef-health-services@cetic.be

Pricing is available to registered users. SMEs receive significant state-aid reductions (GBER) — or, depending on the call, free services during the funded project. Sign in or register to see the price for your organisation.

Operational Details

Service Inputs The customer should provide at least the system to be tested or an access to this system. In case no other information is provided, the test are considered as black box testing. Optionally, in case of grey box testing, additional documentation can be provided such as specification, architecture description, etc... If the customer expects white box testing, all documentation together with the system configuration and source code should be provided.
Service Outputs The service output is an integrated report containing : - all actions performed; - all results found; - all vulnerabilities and findings; - recommendations related to the vulnerabilities and findings.
Service Standards OWASP Top 10
  • OWASP Top 10

Related services

  • AI cybersecurity evaluation

    Laboratoire National De Metrologie Et D'Essais (LNE)

    Evaluation of the AI system regarding its robustness against cybersecurity issues ( risk assessment, secure Data, access Control and Authentication, etc …) This will include the design of test protocols, the realization of tests, the analysis of results and production of a test reports.

    View service →
  • AI model evaluation and benchmarking on genomic datasets

    Karolinska Institutet (KI)

    ## Overview This service provides a comprehensive evaluation and benchmarking report for SMEs' AI models, leveraging genomic research datasets. Following agreed-upon protocols and recommendations, the AI model is rigorously tested against curated datasets. This occurs in a secure environment managed by Karolinska Institutet. SMEs submit their models to the Swedish TEF Health node under pre-signed agreements, ensuring full confidentiality. The evaluation and benchmarking process produces detailed insights, resulting in a report that supports SMEs in validating and refining their AI solutions. We provide expertise and technical support in the following areas: - Project design & management - AI model evaluation and benchmarking ### How can the service help you? This service helps address uncertainties about your AI model’s performance on external datasets. By providing thorough validation, it demonstrates the maturity and reliability of your model. The resulting report can serve as a valuable tool to build trust and confidence among stakeholders, supporting your efforts to showcase the model’s capabilities. ### How the service will be delivered? The service will be delivered according to established ethical agreements and guidelines, in collaboration with the SME and researchers from the Swedish TEF-Health node. Data usage is facilitated through a secure virtual environment managed by Karolinska Institutet, ensuring the highest standards of data protection. --- ## Additional information ### Provider description The Swedish TEF-Health node is a collaboration between Karolinska Institutet, SciLifeLab and RISE, and is led by Karolinska Institutet. Together, we offer world-leading services with our unique collection of core facilities. We can grant services in expert consulting, virtual- and physical testing in the range of in vivo imaging, ex vivo OMICS, pharmaceutical development, simulated healthcare environments, AI-system validation and development, advanced data analysis and other data-driven life science. ### Technical description The service evaluates AI models in a secure environment using high-performance computing infrastructure optimized for large genomic datasets. Models are tested against curated and annotated genomic datasets using state-of-the-art frameworks such as TensorFlow and scikit-learn. Evaluation metrics, including accuracy, precision, and recall, are calculated to benchmark performance against industry standards and reference models. Encrypted storage and strict access controls ensure data security. ### Service customization The service can be customized according to your specific needs. It may be required to combine this service with other services on offer. --- ## Use case example ### Context A biotech SME specializing in rare diseases has developed an AI model to predict genetic predispositions for a rare neurological disorder. The model was trained on internal datasets but has not been validated on external genomic data. Investors and clinical partners are reluctant to adopt the solution without independent evaluation and benchmarking to ensure its generalizability and maturity. ### Objective To validate the AI model’s accuracy and robustness on external genomic datasets, benchmark its performance against existing solutions, and deliver a detailed evaluation report to gain stakeholder trust and regulatory approval. ### Solution The SME submits its AI model to the Swedish TEF-Health node for evaluation. Using secure infrastructure and curated genomic datasets relevant to rare diseases, the model undergoes extensive testing and benchmarking against industry standards. ### Implementation #### Ethical Agreement The SME enters into an ethical agreement with researchers from the Swedish TEF-Health node, ensuring all data collection and usage complies with GDPR and national Swedish regulations. #### Secure Access Usage of the collected data is facilitated through a secure virtual environment managed by Karolinska Institutet, ensuring the highest standards of data protection. #### Evaluation and Benchmarking The model is assessed using metrics like sensitivity, specificity, and ROC-AUC, focusing on its performance in predicting rare disease risks. #### Outcome A benchmarking report is generated, highlighting the model's strengths, weaknesses, and recommendations for improvement. ### Benefits - **Validation & Credibility**: Independent validation enhances trust among clinical and regulatory stakeholders. - **Competitive Benchmarking**: Aligning with industry standards provides an advantage in the rare disease AI market. - **Model Refinement**: Insights from the report drive improvements for clinical readiness. ### Impact The SME secures stakeholder confidence, accelerates discussions with clinical partners, and positions its AI solution as a trusted tool for rare disease risk prediction, paving the way for market adoption and broader collaborations.

    View service →
  • AI model evaluation/assessment: Clinical model validation

    Centro Hospitalar De Sao Joao Epe (CHSJ)

    The service offers SMEs expert evaluation and validation of their AI models intended for clinical use. Leveraging the hospital's domain expertise in healthcare and data analytics, this service assesses the accuracy and clinical suitability of AI models in real-world clinical scenarios by assessing models against clinically relevant metrics, benchmarks, and regulatory standards, it ensures their safety, reliability, and effectiveness in real-world healthcare settings.

    View service →
  • AI model evaluation/assessment: Clinical model validation

    Unidade Local De Saúde De Coimbra EPE (ULS Coimbra EPE)

    The service offers SMEs expert evaluation and validation of their AI models intended for clinical use. Leveraging the hospital's domain expertise in healthcare and data analytics, this service assesses the accuracy and clinical suitability of AI models in real-world clinical scenarios by assessing models against clinically relevant metrics, benchmarks, and regulatory standards, it ensures their safety, reliability, and effectiveness in real-world healthcare settings.

    View service →
  • AI Model performance evaluation

    Multitel (MULTITEL)

    This service provides an independent and reproducible evaluation of AI model performance using well-established quantitative metrics. The evaluation is conducted in a controlled and documented execution environment to ensure traceability and repeatability of results. Performance is assessed on client-provided datasets and models, and associated measurement uncertainties are systematically analyzed and reported. The service delivers a detailed and interpretable evaluation report. All activities are performed under ISO 9001 certified processes.

    View service →
  • AI performance evaluation based on mixed testing environments

    Laboratoire National De Metrologie Et D'Essais (LNE)

    Based on the domain of the medical device or robot provided by the customer, the simulation will create a test environment relevant to the system to be evaluated using a video-projection system. The service will be provided using the LE.IA Immersion platform, a platform dedicated to the evaluation of AI. It consists of a video-projection system that makes it possible to reconstitute an "artificial nature" and to immerse the systems to be characterised (personal assistance robots, intelligent cameras, civil and military intervention robots, etc.) in a simulated dynamic reality. It allows the system (robot, camera, etc.) to be subjected to a multitude of test scenarios and to evaluate its reactions in a controlled environment.

    View service →