High level of IT security confirmed for IF-6040

imbus AG, a recognized provider of software quality assurance tests, has confirmed a high level of IT security for Interflex's IF-6040 software.

Securing critical business processes and protecting tangible and intangible corporate assets is a top priority for many companies. The threat of cyber attacks has been growing continuously across all industries.

According to a Bitkom study, 9 out of 10 companies have already experienced such attacks in the past year alone. Attackers keep developing more and more sophisticated methods to exploit specific vulnerabilities in software product. According to the “IT Security: Situation in Germany  in 2021” report published by BSI (Federal Office for Information Security), every second operator of critical infrastructures (CRITIS) is expecting an increase in attacks in the coming months. As a result, it is all the more important to develop secure software products and to regularly carry out penetration tests to check for and identify any possible security issues and vulnerabilities. imbus AG, a recognized provider of tests for assuring software quality, has confirmed that Interflex’ IF-6040 software has a high level of IT security.

Checking for security risks

IF-6040 is a software solution developed by Interflex that includes modules for access control, time management and visitor management. The application has been checked for any possible security risks both as an on-premise and as a cloud-based service installation. The industry standards of the Open Web Application Security Project (OWASP) “OWASP Testing Guide v4.0” and attack methods from the MITRE ATT&CK® Framework as well as the recognized methods and procedures of the practical guide for IS penetration tests of the BSI were implemented for the penetration test.

Interflex relied on a combination of several possible hacker scenarios. “This authentic scenario simulates both the typical external attack by a hacker who only knows the address information of the target as well as the possibility of an attack from the inside. This can, e.g., be an employee who has additional information about the target of the attack,” explains Robert Nachtrab, who is head of Software Development at Interflex. “For us, IT security is not a state but rather a process. Our aim is to offer our customers a software solution that is always state-of-the-art and represents the latest IT security technology.”