Successful OWASP ASVS 3 Level 2 Security Analysis for LEGIC Connect : LEGIC

February 10, 2021

LEGIC Connect is LEGIC’s Software as a Service (SaaS) Suite that enables global, secure and convenient around-the-clock operation of mobile credentialing, key management and messaging worldwide. The service enables a wide range of smartphone-based applications such as secure, contactless entry control for offices, hotels, parking garages and vehicles. With such a complex and highly available service come new challenges.

The OWASP (Open Web Application Security Project) ASVS standard (Application Security Verification Standard) provides a basis for testing an application’s technical security controls, as well as any technical security controls in the environment that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This is an acknowledge standard for web applications and services such as LEGIC Connect with its Trusted Service and Mobile SDK.

To ensure the security of the service and surrounding processes, LEGIC initiates recurring audits and reviews. Last year LEGIC Connect underwent an OWASP ASVS 3.0 Level 2 security analysis by Protect 7 based on penetration tests, conceptional and source code analysis as well as interviews.

LEGIC Connect reached a 100% or more compliance for each ASVS chapter with LEGIC Trusted Service and LEGIC Mobile SDK. Protect 7 concludes that the approach chosen by LEGIC for its Trusted Service and Mobile SDK is appropriate for the targeted application of the service and that LEGIC shows exceptional commitment in applying secure software practices.

About LEGIC
For over 30 years, Swiss-based LEGIC Identsystems has enabled companies from around the world to deploy solutions with demanding security requirements. Based on key management, trusted services and secure, contactless semiconductors, the LEGIC Security Platform provides end-to-end security for smartphone- and smartcard-based access, mobility, shared resource and industrial IoT applications.
www.legic.com

About OWASP^® Foundation
The Open Web Application Security Project(OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
www.owasp.org

Press inquiries
Carl Fenger
Technical Communications Manager
LEGIC Identsystems Ltd
Tel: +41 44 933 64 64
carl.fenger@legic.com

Articles & Interviews Press releases Blog

Back

Type	Name	Purpose	Lifetime	Provider
Website	CookieConsent	Saves your consent to using cookies.	1 year	HTML
Website	fe_typo_user	Assigns your browser to a session on the server.	session	HTTP
Pipedrive	_cf_bm	This cookie is used to distinguish between humans and bots.	1 day	HTTP

Type	Name	Purpose	Lifetime	Provider
Google	_gcl_au	Used by Google AdSense to experiment with advertisement efficiency.	3 months	HTML
Facebook	_fbp	Stores the unique visitor ID.	3 months	HTTP
Facebook	facebookPixel	If JavaScript is not enabled, this pixel initiates a connection to facebook.	session	Pixel
Twitter	i/adsct	missing translation: trackingobject.i/adsct.desc	session	Pixel
LinkedIn	JSESSIONID	Keeps the user's states in all page requests at.	session	HTTP
LinkedIn	li_gc	Saves the user's consent status for cookies on the current domain.	2 years	HTTP
LinkedIn	AnalyticsSyncHistory	Used in conjunction with data synchronisation with the third-party analytics service.	29 days	HTTP
LinkedIn	bcookie	Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.	2 years	HTTP
LinkedIn	bscookie	Used by the social networking service LinkedIn for tracking the use of embedded services.	2 years	HTTP
LinkedIn	lang	Used to memorize a user's language setting.	session	HTTP
LinkedIn	lidc	Used by the social networking service LinkedIn for tracking the use of embedded services.	1 day	HTTP
LinkedIn	UserMatchHistory	Ensures browsing security for visitors by preventing falsification of requests across pages. This cookie is essential for the security of the website and the visitor.	29 days	HTTP