PortalGuard Has Completed a Successful Penetration Test by Veracode

PortalGuard/Veracode

PistolStar, Inc, flagship product PortalGuard has recently gone through a successful penetration test. The penetration test was completed by Veracode, a third-party application testing company featured as a leader in the prestigious Gartner Magic Quadrant. PistolStar partnered with Veracode to expand the quality control of its product by outsourcing for a third-party validation.

Throughout the process Veracode performed two types of testing. The first one being manual penetration where humans inspect the application and associated traffic. Then Static Code Analysis, which is when a bug version of the compiled source code is uploaded to an automated service that evaluates all run-time executable “code paths”.

After the testing results PistolStar engineers came out with PortalGuard v5.6.4 equipped with new enhancements and features. There are two main features that highlight PortalGuard’s new version.

Password Prompting for Account Management Changes: As an optional security measure, admins can require end users to re-enter their password when making changes to their account settings. This can prevent the possibility of a user walking away from a browser with an active PortalGuard session and having a malicious user sit down and add a new phone that can be used for two-factor authentication or to reset a password.

Terminated Session Detection & Prevention: PortalGuard uses the standard ASP.NET session implementation which uses an encrypted cookie value to store the user’s identity and session expiration. PortalGuard now overcomes an inherent vulnerability in this by actively monitoring for and preventing the re-use of sessions that have been manually terminated/logged out.

PistolStar is committed to…

Read the full article at the Original Source..

Back to Top