Successful OWASP ASVS 3 Level 2 Security Analysis for LEGIC Connect

LEGIC Connect is LEGIC’s Software as a Service (SaaS) Suite that enables global, secure and convenient around-the-clock operation of mobile credentialing, key management and messaging worldwide. The service enables a wide range of smartphone-based applications such as secure, contactless entry control for offices, hotels, parking garages and vehicles. With such a complex and highly available service come new challenges.

The OWASP (Open Web Application Security Project) ASVS standard (Application Security Verification Standard) provides a basis for testing an application’s technical security controls, as well as any technical security controls in the environment that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This is an acknowledge standard for web applications and services such as LEGIC Connect with its Trusted Service and Mobile SDK.

To ensure the security of the service and surrounding processes, LEGIC initiates recurring audits and reviews. Last year LEGIC Connect underwent an OWASP ASVS 3.0 Level 2 security analysis by Protect 7 based on penetration tests, conceptional and source code analysis as well as interviews.

LEGIC Connect reached a 100% or more compliance for each ASVS chapter with LEGIC Trusted Service and LEGIC Mobile SDK. Protect 7 concludes that the approach chosen by LEGIC for its Trusted Service and Mobile SDK is appropriate for the targeted application of the service and that LEGIC shows exceptional commitment in applying secure software practices.

About LEGIC
For over 25 years, Swiss-based LEGIC Identsystems has enabled companies from around the world to deploy solutions with demanding security requirements. Based on key management, trusted services and secure, contactless semiconductors, the LEGIC Security Platform provides end-to-end security for smartphone- and smartcard-based access, mobility, shared resource and industrial IoT applications.
www.legic.com

 

 

About OWASP® Foundation
The Open Web Application Security Project(OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
www.owasp.org

 

Press inquiries
Carl Fenger
Technical Communications Manager
LEGIC Identsystems Ltd
Tel: +41 44 933 64 64
carl.fenger@legic.com