DIGID Pentesting  

DigiD Pentesting for Compliance

Meet annual DigiD compliance with DigiD pentesting from Cyver. We deliver pentest-as-a-service with remediation support and TPM statements through our audit partners.  

DigiD Assessment

Stay DigiD compliant, with a thorough pentest for your DigiD compliance. Cyver delivers fast, insightful testing to implementation, application, and infrastructure to help you find and remediate vulnerabilities. Our Dutch pentesters will thoroughly investigate your implementation and submit a pentest report mapped to the DigiD Standards Framework 2.0 to help you meet your ENSIA Audit obligations.

Do I Need a DigiD Assessment? 

Any organization using the Dutch Digital Personal Identification (DigiD) is obligated to perform a yearly ICT security assessment and audit, ENSIA. This includes a pentest of all implementations and infrastructure or a relevant TPM statement from your software provider. Logius sets the DigiD security standard based on guidelines from the Ministry of the Interior and Kingdom Relations, in consultation with NOREA, the National Audit Service, and the NCSC.  

In addition to the annual pentest, you’re required to perform periodic scans and pentesting at any point where you make significant changes to assets, properties, or forms impacting your DigiD implementation.

What’s Included in a DigiD Pentest?

Cyver performs DigiD pentests according to the Logius DigiD Standards Framework v2.0, a subset of the NCSC Norms. We utilize the OWASP Testing Guide and ASVS (OWASP Application Security Verification Standard) for our DigiD assessments. This includes greybox testing, with scope set to include all assets impacting DigiD, as well as any custom forms or components integrated into DigiD.  

Our compliance partners are available to provide necessary TPM statements. 


Request a Free DigiD Sample Report

Request a free sample report to see how Cyver delivers pentest reports for DigiD compliance. We’ll onboard you to our platform, where you can see and interact with sample findings as tickets, compliance data, and the full pentest report.  

DigiD Pentesting


 Cyver delivers a DigiD pentesting solution centered around remediation. Our assessments are conducted by our pentest partners, in conjunction with BZK standards. Vulnerability findings are delivered as tickets, so your teams can collaborate with our pentesters on remediation, request retests, and generate audit-ready reports with updated finding status.  Plus, with Pentest-as-a-Service, you can schedule next year’s pentest in now – to ensure you stay compliant. 

Comprehensive Testing

DigiD pentesting includes a full assessment of impacted (front-facing) infrastructure, components, & applications. Greybox testing requires us to log into your environment using DigiD. Infrastructure tests take place in the production environment. Apps are normally assessed in a test environment.

Digital Reporting

All vulnerability findings are delivered as tickets, so teams can immediately start work on remediation. Once resolved, Cyver retests finding status for free and verifies the fix. You can then generate a new Audit-ready report, with updated vulnerability status, and findings mapped to DigiD Framework 2.0.

Fast Service

The 60,000 businesses using DigiD are required to submit DigiD audits to Logius by May 1, with all vulnerabilities resolved. Cyver uses real-time communication, and a large network of pentesters so we can test fast. Plus, with free retesting – so you get your DigiD pentest report ASAP at no extra cost.

Your Pentest Platform

From onboarding to scheduling ongoing pentests, Cyver is here to make your pentest processes better. We deliver full access to a cloud Security Dashboard, where you can request assessments, see findings in real-time, track findings and proof-of-concept files in one secure place, and automatically assign findings to developers. Our cloud platform delivers findings as tickets, risk analysis, reports, and security metrics. We make pentest reports modern, digital, and actionable. 


Meeting DigiD Compliance with Pentesting

ENSIA audits are obligatory for any organization using DigiD. But, what does compliance entail? And why do you need pentesting to stay DigiD compliant? Download our free whitepaper to see what’s involved in your yearly compliance assessment, what pentesting entails for your organization, and how Cyver can help.  

DigiD Pentesting

Any questions?

We are here to help

What is a Pentest-as-a-Service

Pentest-as-a-Service combines our human expertise and insight with the convenience of cloud apps and findings-as-tickets. We organize pentests in our cloud platform, Cyver Core, and deliver pentest reports with tickets, so developers and compliance officers can remediate right away. Plus, we offer free insight tooling, so you can see remediation times, risk profiles, and even areas of risk.

When Can You Start?

In most cases, we can start your pentest within 2 weeks. In some cases, we can finalize and deliver your pentest during that time. However, pentest duration depends on the scope of the pentest, your assets, and environments.

Cyver leverages a network of pentesters, allowing us to quicly scale to meet demand. When you need expert pentesters, we can help, and quickly. If you want a quote based on your specific needs and assets, book a demo now for a one-on-one conversation.

How Much Do You Charge for a Pentest?

Cyver uses a credit system to charge a flat rate for our pentests. That means costs are always transparent and you always know what you're paying for. Currently, we charge €329 per pentest credit. Pentests range from 2 credits for a simple 1-website test to well over 40 credits for a large and complex system. Visit our pricing page for more information. 

What Does the Platform Look Like?

Visit our How it Works page to see Cyver in action. Or, schedule a demo to see it live. Our platform, Cyver Core, allows you to onboard your full team, assign responsibilities, and see findings results in real time. When we deliver the report, you can export it to a PDF or process it as tickets, linked to tooling like Jira, for faster remediation. 

Book a Demo Here