In May 2025, our AMI web application in the hosting environment was subjected to a comprehensive penetration test (pentest) for the second time in a row, carried out by our experienced IT security partner MindBytes. The aim was to once again put the security of our application in the hosting environment to the test and identify potential vulnerabilities at an early stage.
"The pentest is a central component of our security concept and therefore also of our responsibility towards our customers. Especially since the introduction of access to zetVision's AMI via a public URL with 2-factor authentication, we have placed particular emphasis on the highest security standards," says Thorsten Deuter, Head of AMI Development & Support.
What is a pentest?
A pentest uncovers potential attacks on IT systems. By uncovering vulnerabilities, the existing security level can be assessed. By using independent experts such as MindBytes, we can have the robustness of our systems objectively assessed.
What was tested?
Special attention was paid to:
- the security of the public access interface,
- the implementation and effectiveness of 2-factor authentication,
- robustness against cross-site scripting,
- security of the web server configuration,
- security of application data,
- protection of user data and accounts.
"Our testing methodology is based on recognized standards such as the OWASP Testing Guide. We discussed worst-case scenarios in advance. We were unable to achieve any of them, such as unauthorized access to data."
Nina Wagner, Managing Director, MindBytes GmbH
Result
The pleasing result: the pentest revealed no significant security gaps. The security measures we have taken, particularly with regard to authentication, access protection and hardening of the application infrastructure, have proven to be effective. Any vulnerabilities found in non-critical areas were dealt with immediately by the development team and IT.
In the next test cycle, the findings are put to the test again to determine whether the weak points have been closed.
"We have thoroughly tested the AMI environment and have not identified any critical vulnerabilities. The security measures implemented are in line with current best practices and show that security is actively practiced here."
Nina Wagner, Managing Director, MindBytes GmbH
IT security as a continuous process
The successful completion of this pentest underlines our commitment to data security and reliability. At the same time, we do not see security as a one-off project, but as an ongoing process. Regular tests like this are an integral part of our quality and security promise to our customers.
About MindBytes
MindBytes is a specialized provider of IT security services with a focus on pentesting and red teaming. Through a hands-on, risk-based approach, MindBytes helps organizations secure their IT systems against real-world threats. (www.mindbytes.de)