In addition to an ISO 27001 certification, regular penetration tests of sports betting portals must be carried out for the sports betting licence by the Darmstadt regional council. The pen tests must be carried out according to the OWASP Testing Guide or the OWSAP Testing Guide for web services.
The penetration tester must be independent and have the appropriate qualifications:
- Degree in technical computer science or a technical degree
- At least 3 years of professional experience in the field of IT security
- At least 2 years of professional experience in the field of penetration testing
- Certification as a penetration tester (including BSI-certified penetration tester, CPTC – Certified Penetration Testing Consultant, CPTE – Certified Penetration Testing Engineer, GPEN – GIAC Certified Penetration Tester, OSCP – Offensive Security Certified Professional or CEPT – Certified Expert Penetration Tester)
