With the help of penetration tests, or pen tests for short, we regularly ask external security experts to execute cyber stress tests on our software, hardware and firmware and try to unveil potential vulnerabilities that could provide criminals with a vector for cyberattacks.
What’s the difference between multi-level code monitoring and pen testing? Imagine it like this: Instead of asking someone to look at a house and see if there are any open doors, windows, or keys lying around, we specifically ask someone to break into our house, because we are certain that the doors and windows are already locked. But there could be other ways to get inside, and we want to know them.
Pen tests by external security testing bodies or ethical hackers have a predefined goal. For example, the detection of potential vulnerabilities through targeted automatic and manual tests. In doing so, they apply similar methods that criminal hackers would use. They demonstrate vulnerabilities by having the testers deliberately exploit security gaps and attempt to access and manipulate protected data and devices.
We are proud to announce that we have again successfully passed a penetration test in January 2023, conducted by TÜV SÜD. The test system was built of Symphony MX and Symphony BF products linked to our VirtuoSIS. The test identified no critical or high-impact security issues, providing external validation of our commitment to the highest standards of Cyber Security. Despite this positive result, we have already begun to address the medium- and low-impact issues identified in the report to ensure that our products remain safe and secure.