In the DOSS project, we work on vulnerability scanning and penetration testing of IoT systems with the goal of identifying system-level weaknesses and vulnerabilities, and providing system developers/integrators with recommendations on how to fix them. As in many applications of IoT systems, penetration testing of live systems is problematic, we plan to perform it on a digital twin of the system. Besides the advantage of not affecting live operations, security testing of a digital twin can also be automated. We designed a framework in which automated vulnerability scanning and penetration testing can be performed on a digital twin of the IoT system in a virtualized environment. We are looking for students who are interested in joining our team and help us implementing the framework. Participation in our project allows students to gain knowledge in infrastructure automation and usage of penetration testing tools.