AFAS Software develops innovative software products for the business and consumer markets. Usage varies from business software for SMEs to complete ERP solutions for multinationals. The firm also offers a digital cash book that gives consumers a better picture of their finances. Computest's infrastructure scan checks the entire AFAS infrastructure for vulnerabilities on a daily basis. The findings generated by the scan are displayed in an easy-to-read dashboard. The Computest Security Specialists provide accurate analysis and validation of the findings.
Although AFAS works in accordance with sophisticated processes and procedures and records everything, it deliberately chooses to outsource security checks to a specialist party. Computest has been its trusted partner in this area for years. Jeroen van Stokkum, ICT manager at AFAS: “Because we want an ongoing focus on privacy and security, we need specialists who work on them in a dedicated manner. And Computest has the knowledge and mindset we are looking for.”
Analysis and validation of the findings
In order to always have an up-to-date picture of the security of the complete network, alongside the pentest, Computest also performs a daily security check. This takes place completely automatically in the shape of the infrastructure scan, consisting of advanced and proven testing tools. The findings produced by the scan are clearly displayed in Marvin_, Computest's hybrid service. Besides showing the number of vulnerabilities detected in the last scan that were evaluated as being relevant, Marvin_ also displays the hosts and websites with the most issues. These are the websites that might warrant some extra attention. Also shown are the latest and most recently modified issues, as well as the comments placed on the issues by both the customer and the Computest Security Specialists. The trend report clearly shows how many issues have been added and resolved daily. This makes the automated testing process considerably simpler and more efficient.
The results of the scan are verified every working day by an experienced Computest Security Specialist who is familiar with the AFAS environment and potential risks. The specialist assesses the probability, impact and urgency of the findings and marks them as such in the dashboard. Van Stokkum: “In my view, it is this quality that is the real added value of Computest. Their specialists take another good look at the findings and filter them for us. By correctly interpreting and evaluating the scan results, the Security Specialists provide a good overview of the security status of the environment. Thanks to this managed service solution, we benefit from their most up-to-date knowledge in the security field and everything is taken out of our hands.”
Direct contact about vulnerabilities
Marvin_ includes a chat function that can be used to communicate with one another. When critical vulnerabilities are found, Computest's specialists directly contact those at AFAS who are responsible for IT and security. Together, they then decide whether the findings identified do need to be resolved and what priority they should be assigned. Van Stokkum: “Because we have very regular contact about the findings, there is a learning curve on both sides, enabling us to better manage the follow-up. Moreover, the active partnership ensures an ongoing focus on privacy and security on our part and we always get the appropriate support from Computest.”
Van Stokkum compares it to a three-stage rocket: “Thanks to Computest's infrastructure scan, we always have a proper understanding of the security status of our network. The specialists make sure the findings are filtered and placed in the right context. And the short lines of communication mean the findings are resolved quickly.” According to Van Stokkum, an added bonus is that the infrastructure scan and the pentests are performed by the same people: “This increases the efficiency and effectiveness of both security tests.”