The goal of the penetration tests is to continuously evaluate the security level of the platform. As our platform evolves, an external company conducts regular controls, including:
All results will be documented in a final written report.
Automated non-invasive scans of the platform are performed using analysis software, and all access and testing are logged. Scans are run using common software tools.
Common attack patterns and vulnerabilities, including the Top 10 Application Security Risks of the Open Web Application Security Project (OWASP), are tested using non-invasive scanning methods.
In addition to the vulnerabilities found, the external company's security experts evaluate possible attack scenarios and provide non-invasive tests that allow us to assess the risks presented.
During reporting, the weak points found and the concepts created are evaluated and classified, and recommendations are derived. We prioritize these recommendations and take appropriate measures.
The vulnerability CVE-2021-44228 in the Apache Log4j2 2.0-beta9 module (version 2.12.1, 2.13.0 - 2.15.0), reported on December 10, 2021, allows attackers to take over a compromised server.
This module is not used on our production servers, where all of our customers' data is stored. On our part, there is no risk of customer accounts being taken over or data being leaked via this vulnerability.
Timeframe March, April
Carried out in calendar week 43
Carried out in calendar week 21
Carried out in calendar week 36
Carried out in calendar week 26
The autocomplete="off" attribute has been added to the login pages.