Security pass

Coroni Technology’s Reflex software has progressed through its regular penetration testing.

It was not possible to compromise the application or the supporting infrastructure.

An independent test on the software is commissioned by Coroni partners and customers to ensure it maintains its high standards for performance and security. The security investigation included attempts to access the application without authentication and attempts by authorised users to damage the application:

  • Security of access outside the appropriate areas
  • Authentication within the application
  • Appropriate use of encryption
  • Attempts to steal passwords and authentication information
  • Attempts to manipulate data input
  • Use of JavaScript/hidden tags and any other scripting
  • Information leakage from the application

Coroni Director, David Ince, explains the importance of regular testing:

“There have been several public high-profile and well-documented incidents of data insecurity recently. Benefit data is highly confidential and our customers need to be totally confident in its safekeeping.”

The software performed equally well in the second test for the speed and robustness of the application. A series of quality assurance performance load tests were undertaken to ensure performance degradation did not occur. These tests investigated:

  • Users’ influence
  • Hits per second
  • Transaction response times
  • Transaction response time under load
  • Transaction success and fail rates
  • Virtual user load
  • Data throughput
  • HTTP responses per second
  • Connections per second

The software achieved its clean bill of health at the first attempt, but this was not altogether surprising to Ince, whose development team has been involved in the provision of payroll and HR solutions for many years:

“Those systems require the same security rigour as flexible benefits and the principles of security are well-established in our development standards. The difference is that Reflex is a public web application, accessible from anywhere, which provides additional challenges.”

The investigation suggests Coroni has succeeded in those challenges. The security report states that “It was not possible to compromise the application or the supporting infrastructure” and concludes “The application can be regarded as being in line with security best practice”. The performance test summary states, “The Reflex application can support the clients’ requirements in regard to performance and user load without performance degradation”. The results provide significant peace of mind for Reflex clients including the two major financial institutions undertaking the study.