20220713 Report Azure White Box Security Audit

20220713 Report Azure White Box Security Audit

Version: 2022-07-14

Introduction

anDREa has a Pentest Program program as part of the commitment to protect the security of its business information. 

At least once a year we request an external party to do the pentest and a white box security audit.

Result

The outcome of the this year's pentest can be found here: 20220624 Pentest 2022-Q2/Q3 Report.

Attached its the full report, the conclusion of the white box security audit is:


Note
  1. Finding 5.1 has been already resolved per 2022-05-11 but we forgot to show this to the pentesters.
  2. We decided to go full Azure Bastion, on request available for clients, and stop development on Guacomole

    • Related Articles

    • 20210224 Pentest 2021-Q1 Report & 20210301 White Box Security Audit 2021-Q1 Report

      In accordance with our Pentest Program, anDREa engaged nSEC/Resilience for the anDREa White Box Security and the Pentesting 2021-Q1. The core questions being: Can non-authorized people or services access Workspaces or affect anDREa’s core services? ...
    • 20220607 Security Management Report

      As part of anDREa's commitment to maintaining an Information Security Management System (ISMS) based on ISO 27001 please feel free to download and read the attached anDRE's 20220607 Security Management Report.
    • 20220624 Pentest 2022-Q2/Q3 Report

      As part of anDREa's commitment to maintaining an Information Security Management System (ISMS) based on ISO 27001 please feel free to download and read the attached anDREa's 20220624 Pentest 2022-Q2/Q3 Report. TLDR: none of the findings have any risk ...
    • 20220714 Security Management Report Addendum

      As part of anDREa's commitment to maintaining an Information Security Management System (ISMS) based on ISO 27001. This document is an addendum to the 20220607 Security Management Report and addresses the on 2022-07-14 reported findings of the ISO ...
    • 20230503 - Security Management Report

      anDREa's Security Officer annually provides the management board with the Security Management Report. An annual security management report is a key part of this auditing process. The report provides a summary of the organization's ISMS activities, ...