The mark of professional-grade financial software is whether the creators choose to put their software to the test, and how they do so. Dryrun recently took voluntary steps to ensure your financial data and personal information remain safe by using a third-party software consultancy to test and analyze our application.
We commissioned a test (i.e. 'white hat' hacking) to be sure that Dryrun can resist common attack patterns from malicious online sources, and to identify both internal and external points of vulnerability. Once testing was complete, we were able to begin the process of enhancing our security.
We turned our software over to a neutral and globally renowned third party, Cigital, to test Dryrun's vulnerabilities. Cigital’s engineers and automated tools assessed Dryrun over 4 days with both human-controlled and machine-driven attempts to ‘break in’, then gave us an itemized risk assessment using the NIST 800-30 Revision 1 standard. Using the NIST 800-30 criteria helps Cigital and Dryrun determine the risk to the application, our business, and your information in the event of a malicious attack.
The weighting of the risk assessment combines the first two elements to assess a third:
One, what is the likelihood that an attack would occur through exploitation of a particular entry-point, interface or vulnerability in Dryrun’s software.
Two, what is the impact that such an exploitation might have on your information, our information, and our system.
Finally, combining these two elements results in a third metric called vulnerability severity, which allows us to assess, prioritize and remediate risks and vulnerabilities in the most efficient way possible.
Cigital's findings spanned hundreds of elements and, while the details are confidential, fewer than 10 items of concern were found, mostly medium to minimal in nature.
Within a month, we remediated all concerns according to Cigital’s criteria.
Cigital is a world leader in software security and quality consultation, and has been in the business of helping others' businesses avoid malicious attacks for 25 years. With global reach and headquartered in Washington DC, Cigital’s engineers and advisors work with companies in industries such as to remain on the leading edge of software security.
Want more information, or interested in getting started with Dryrun? Contact us, visit our support knowledge base, or book a demo today.