Security pass

Security pass

Coroni Technology’s Reflex software is recognised by industry experts as meeting the finest security standards.

An independent test on the software was commissioned by Coroni customers to establish its performance and security credentials.

The security investigation included attempts to access the application without authentication and attempts by authorised users to damage the application:

  • Security of access outside the appropriate areas
  • Authentication within the application
  • Appropriate use of encryption
  • Attempts to steal passwords and authentication information
  • Attempts to manipulation data input
  • Use of JavaScript/hidden tags and any other scripting
  • Information leakage from the application

The software performed equally as well in the second test for the speed and robustness of the application. A series of quality assurance performance load tests were undertaken to ensure performance degradation did not occur.

  • Users’ influence
  • Hits per second
  • Transaction response times
  • Transaction response time under load
  • Transaction success and fail rates
  • Virtual user load
  • Data throughput
  • HTTP responses per second
  • Connections per second

Coroni Director, David Phillimore explains the importance of the tests

Benefit data is highly confidential and our customers need to be totally confident in its safekeeping. Security is a foremost requirement when we offer benefit management and Total Reward solutions

Flexible benefit systems require the same security rigour as payroll and the principles of security are well-established in our development standards. The difference is that Reflex is a public web application, accessible from anywhere, which provides additional challenges

The investigation concludes Coroni has succeeded in those challenges…

It was not possible to compromise the application or the supporting infrastructure

The application can be regarded as being in line with security best practice

The Reflex application can support the clients’ requirements in regard to performance and user load without performance degradation