Published
23 March 2020
BSI audit: Route4Gas is secure and safe to use!
The Institution has performed a Penetration Testing and Source Code Security audit of the client application in January and February 2020. As the base for its manual infrastructure security testing, BSI carried out all testing following CREST standards and the BSI Security Testing Methodology. BSI also used industry best practice guidance such as the OWASP Top 10, the SANS Top 25, the MITRE CWE and the MITRE CAPEC. The outcomes detailed in BSI’s PRJ-2828 Management Reports were as follows:
Based on the results of source code review, it was apparent that client applications’ source code was written consistently in line with the best practice sources listed above.
There were a large number of well-implemented security controls in place across the in-scope external infrastructure and web application.
BSI identified several findings, highlighting the scope for improvement. These have been subsequently addressed and remediated by Route4Gas development team.
No access mechanism that could bypass the authentication or the encryption scheme (backdoor) was found to be implemented within the code.
BSI reviewed the anonymization algorithm design to confirm that all data, sent to the server, was anonymized.
The co-operation with BSI brings additional security industry expertise to ensure that our clients can trust the Route4Gas solution as a secure solution.
Based on the results of source code review, it was apparent that client applications’ source code was written consistently in line with the best practice sources listed above.
There were a large number of well-implemented security controls in place across the in-scope external infrastructure and web application.
BSI identified several findings, highlighting the scope for improvement. These have been subsequently addressed and remediated by Route4Gas development team.
No access mechanism that could bypass the authentication or the encryption scheme (backdoor) was found to be implemented within the code.
BSI reviewed the anonymization algorithm design to confirm that all data, sent to the server, was anonymized.
The co-operation with BSI brings additional security industry expertise to ensure that our clients can trust the Route4Gas solution as a secure solution.