1. Home
  2. evaluations penetration testing security certifications lessons learned

Evaluations, Penetration Testing & Security Certifications: Lessons Learned

In the world of IT and Cybersecurity, security evaluations are an important measure of a company's commitment to providing products with exceptional quality. Although requirements differ across the globe, European security evaluations are now required under various legislation, including the Payment Services Directive 2 (PSD2).  As part of Okay's evaluation process, we worked with a consulting and auditing company, PROSA Security, which modelled protocols and data flow through our systems. Based on this model, we could automatically see how encryption protected different assets, and whether we made any mistakes with our implementation.

Penetration testing is a totally different process. Also known as ethical hacking, penetration testing is a fake cyberattack used to identify a system's weaknesses and strengths regarding how well it does or does not protect its features and data. The partner we chose for our penetration testing, YesWeHack, facilitates the connection between companies and white-hat hackers who are paid bounties if they manage to break the solution's security. When it came time to test Okay, we first defined a set of bounties before inviting a set of hackers to try to break a "hackme" system.

Security evaluations and penetration testing are ultimately useful and necessary tools when trying to pinpoint product issues.While the formalised method used by security evaluators can be handy in finding logical errors and lack-of-documentation, the practical approach used by security testers motivated by bounties can help you find the bugs in your implementation that were originally missed.

Read the full article at okaythis.com/blog.

Who is Okay?Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2's SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit okaythis.com.