Data Security in Write-Back: security and penetration tests
- Data Security in Write-Back by design: Write-Back was engineered with security in mind, implementing features like auditing and single sign-on to ensure the safety of sensitive data.
- External Cybersecurity Audit: Balwurk, a specialized cybersecurity company, conducted a white-box audit, revealing multiple vulnerabilities despite the absence of basic security flaws.
- Mitigation in Release 4.1: The focus of Write-Back’s 4.1 release was to address and mitigate all identified vulnerabilities, resulting in an even more secure product.
- Ongoing Security Commitment: To maintain security, Write-Back plans to conduct security audits twice a year, aligning with major releases and ensuring continuous improvement.
Ever since the beginning we knew Write-Back was going to handle important or even sensitive data and security would always be a concern to any organization using it. That is why we have engineered the product leveraging security by design and implemented specific features that would also tackle the human side, such as auditing or single sign on. We want all users to know that data, generated through manual inputs in Write-Back, is safe and compliant.
Why we decided to conduct data security tests in Write-Back
Even though we had this concern we knew that an external Cybersecurity audit, including penetration testing and application security revision, would be a significant improvement raising the level of confidence and taking security to a new level.
Balwurk – a company specialized in cyber and application security –conducted this initiative following a white box approach, where there was full access to code, promoting the discovery of any type of vulnerabilities. Due to the high level of expertise and the combination of different intrusion techniques, multiple vulnerabilities were found. As importantly as finding the vulnerabilities the risk they possessed was properly evidenced making clear the classification assigned.
The results and solutions in release 4.1
The focus for release 4.1 of Write-Back was mitigating all vulnerabilities identified, this required adding new modules making it a very complex release to deliver. After another evaluation by Balwurk we were able to confirm all vulnerabilities have been mitigated. This means Write-Back is now an even more secure product, but we won’t be stopping the improvement process, security audits will be done twice a year, before every major release, ensuring new features won’t generate vulnerabilities and promoting a continuous improvement process.