intrus.io
iGaming, Casinos & Betting

Pentest for iGaming, Casinos and Bets

Specialized offensive security for betting operators, online casinos and gaming platforms — RNG, KYC, AML and regulatory compliance.

Request a confidential proposalSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Brazil's regulated betting market (Law 14.790/2023) puts operators under daily scrutiny. Bonus fraud, multi-accounting, bots, RTP manipulation and DDoS attacks against the platform can cost the SPA/MF license and millions in fraud.

Applicable regulation

Lei 14.790/2023 (Bets BR)SPA/MF Portaria 1.475PG PortugalMGA MaltaGLI-19, GLI-33

/attack-surface

Vectors we test in igaming, casinos & betting

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

RNG and game integrity

Random number generator validation, theoretical vs practical RTP, seed manipulation.

02

KYC and liveness

Registration bypass, deepfake, money mule accounts, multi-accounting.

03

Bonus and promo abuse

Farming detection, cashback abuse, rollover bypass.

04

Payment systems

PIX, deposit/withdrawal, AML, threshold rules.

05

Platform and backoffice

Internal access, balance manipulation, administrative adjustments.

06

Apps and game SDK

Client reverse engineering, bot detection, communication integrity.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Dedicated iGaming page already on the site (Pentest for iGaming).

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — iGaming, Casinos & Betting

Do you know GLI-19 and GLI-33?

Yes. We operate aligned to the GLI certifications required for licensing in multiple jurisdictions.

Do you serve operators in SPA/MF licensing phase?

Yes. The pentest can be part of the technical dossier for the Secretariat of Prizes and Bets of the Ministry of Finance.

/contact

Ready for a serious pentest in igaming, casinos & betting?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers