The Royal Netherlands Golf Federation (NGF) represents the interests of golf clubs and golf players with the aim of promoting the sport in the Netherlands. To this end, it has developed GOLF.NL, golfraak.nl, joostluiten.com and the app GOLF.NL. In order to be sure that golfers’ personal data are secure within these platforms, the NGF asked Computest to perform a vulnerability assessment.
Erik Vrieling is project manager and product owner in an agile team which developed the NGF’s online platforms. In 2016, the app GOLF.NL was added. Vrieling: “Of the three platforms, GOLF.NL is the biggest with 190,000 monthly visitors and is used by both players and people with an interest in golf. The site and the app allow players to submit scorecards to update their so-called handicaps. With the app, we also want to encourage golfers to play more often and improve their game. So the app is also a community: golfers can become friends, see who is playing golf where on each other's timelines - the app supports course recognition via GPS - and view rankings. The app now has over 170,000 users, of whom around 55 to 60% submit scorecards.”
Privacy of personal data
The NGF launched the app in 2016. A major update is issued at least every year. “To date, we had not tested the app and our platforms for security and accessibility. There was no immediate reason to do so now, but we were keen to know whether there were vulnerabilities that might compromise the privacy of personal data”, says Vrieling. “So we decided to have a vulnerability assessment carried out. We went looking for an independent party to do it for us. The developers of We are you, the company that developed our platforms and apps, recommended Computest. They had had positive experiences of working with them on a previous project.”
Vrieling asked the specialists at Computest to test for access to the platform and possible violations. In a vulnerability assessment, testers try to find as many vulnerabilities as they can in the IT systems that a malicious hacker could use for a (targeted) attack. The creativity of the tester plays an important role; after all, hackers don't work to a set template either. In addition, during a vulnerability assessment the security testers from Computest use checklists of types of vulnerabilities which are then manually checked, supported by tools. Thanks to this way of working, the client gets a complete and realistic picture of any vulnerabilities present.
Even before carrying out the assessment, Computest discovered a critical vulnerability. It was quickly communicated and then resolved.
Erik Vrieling, project manager and product owner at NGF
“Even before carrying out the assessment, Computest discovered a critical vulnerability. It was quickly communicated and then resolved by We are you on the same day. It was good to see how smoothly the two suppliers worked together”, says Vrieling. The complete vulnerability assessment was carried out on location at NGF.
“The testers from Computest spent a few days with us. You can really tell that you are dealing with professionals”, notes Vrieling. “And they are very clear about communicating the results. Computest turns the findings from the vulnerability assessment into a clear, comprehensive report in which possible weaknesses are clearly explained and assigned a priority. This made it easy for us to draw up an action plan and implement the improvements.”
“Our platforms have now been thoroughly tested for potential vulnerabilities that could compromise personal data. Because the tests have demonstrated their usefulness, we have decided to begin periodic testing, based on new developments in our app or platforms. We will definitely be using Computest for that”, concludes Vrieling.