For the test conducted in December 2018 with more than 14 person-days, the testers had access to the SIMSme source texts and internal documentation. These “white box tests” are the gold standard in security analysis and allow the specialists the deepest insight into all the nooks and crannies of SIMSme Business. We are all the more pleased that only a few things were found and these were rated throughout as “low criticality” by the testers. Notwithstanding that, these points were immediately rectified.
Here is an excerpt from the SIMSme Pentest Report for the 2.5 release from December 15, 2018:
“After investigating the SIMSme scope, in particular focusing on the new 2.5 Release, Cure53 can only conclude that the overall security posture of the project is solid and praiseworthy. [..] Cure53 believes that the cycles of alternating development with penetration testing and security verification of new features have been successful in improving the security posture of SIMSme. [..] This is certainly an impressive and desirable result for any compound of this kind.”
Dr.-Ing. Mario Heiderich
The IT security expert was, among others, Security Researcher for Microsoft and is the founder and CEO of Cure53. The Berlin-based company specializes in penetration testing for online solutions as well as security analysis and investigation of malware. Cure53 consults on security aspects of IT architectures and crisis response after an IT attack. Since 2011, Cure53 has been conducting penetration tests for various IT solutions from Deutsche Post AG.