product release

XperienCentral R37.1

August 22, 2023

We always want to give you a secure version of XperienCentral. To take the next step, we decided to fully comply with the requirements set by Ernst & Young to receive an EY Security Certificate. And we passed with flying colors thanks to our ‘EY Security release’.

Release overview

We are going to do things a little differently in this article. As you can imagine, every improvement in this release is for security purposes. Instead of listing them, we will explain how the certificate came about. To be more precise, how EY tested XperienCentral’s security.

How did EY test our security?

During an orientation session, EY gained comprehensive insights into XC's technical design. Utilizing this knowledge alongside various user accounts, they conducted an Attack & Penetration test. That is how they were able to maximize results within the available time.  

The test was performed from the perspective of an unauthorized user (without an account) and an authorized user (across multiple roles). 

EY rigorously evaluated XperienCentral, prioritizing vulnerabilities outlined in the Open Web Application Security Project (OWASP) Top 10. The test concentrated on aspects of the Top 10 that could be identified with the Attack & Penetration approach. 

What is the OWASP Top 10? 

The OWASP Top 10 is an awareness document for developers and web application security. It lists the most critical security risks to any web application and is globally recognized as the first step towards secure coding. The Top 10, first released in 2003, is currently in its 7th version. Examples of security risks on the list are Identification and Authentication Failures, Insecure Design, and Broken Access Control.

To view the complete list, please visit https://owasp.org/Top10/

And the result?

As previously stated, we were granted the EY Security Certification without any comments or remarks. Safely upgrade your XperienCentral installation today, or contact us if you need help.