Penetration Test Certificate #8a51d83e89

FinMatch AG
Issued
Expires

Use our comprehensive security certificate to demonstrate IT security awareness to customers and users.

Cyber Security Score

The Secure Score is a benchmark for assessing asset security. With our centralized dashboard in turingsecure, organizations can monitor and improve the security of their assets.

8/10

Certificate

Only companies whose applications, systems or infrastructures have been tested receive this certificate. This proof is to be understood as a snapshot and serves as evidence of the best possible protection against third parties.

Delimitation

Security audits are snapshots and serve as evidence of the best possible protection for the respective assets. Side-channel attacks or zero-day attacks still represent a risk. This certificate is only awarded to companies whose tested applications, systems or infrastructures have no critical vulnerabilities and have achieved a good to very good result.

Objective

This analysis looks at a web service or infrastructure that is accessed over a network (e.g., the Internet) via HTTP or HTTPS. The analysis includes a brief review of the services that can be accessed on the systems and the upstream protection functions (e.g., a firewall). Furthermore, the analysis is performed according to the OWASP Testing Guide 5.0 and thus also takes into account the current OWASP Top 10 vulnerabilities.

Rating

The assets audited by turingsecure are exposed to a moderate risk. The audits performed did not identify a high number of findings or serious vulnerabilities. There is a low risk of attackers compromising your assets and potentially causing damage. You should address and remediate the identified issues accordingly.

Scope

The scope defines the environment to be tested, including all systems and applications to be included.

| Type | URL | Description |
| --- | --- | --- |
| Infrastructure | Keycloak - https://portal.finmatch.de/service/keycloak/ | Testing of infrastructures, such as servers and IoT, according to the PTES standard. |
| Infrastructure | SendGrid - [rechnung@finmatch.de] @ https://app.sendgrid.com | Testing of infrastructures, such as servers and IoT, according to the PTES standard. |
| Infrastructure | RabbitMQ - rabbitmq-prod-server-{0,1,2}@prod.k8s.fim.dg-i.net | Testing of infrastructures, such as servers and IoT, according to the PTES standard. |
| Web Application | https://portal.finmatch.de | Testing of web services and APIs according to the OWASP Web Security Testing Guide. |