Equipped against attacks from the outside
booking4med passes pentests with flying colors
Following the successful completion of the pentests for the web applications Referrer Portal and Patient Portal, as well as Teleradiology in March, the Appointment Booking Portal booking4med has now also been issued the new certificate.
Information and data security play a primary role for medavis. “That is why we regularly commission an external service provider, usd AG, to carry out so-called penetration tests of our web applications. Currently, our online appointment booking solution booking4med has successfully passed such a test and has been certified accordingly,” says product manager Samer Abdalla. Not only were the applications themselves put to the test, but also the resources required for them – in this case the cloud service infrastructure. Both the configuration and the applications running on the cloud have been assessed.
A penetration test, or pentest for short, simulates attacks of various types on the IT system landscape. The aim is to identify any vulnerabilities and possible points of attack as well as to uncover security gaps and thus ensure security at the technical and organizational level.
“usd AG, with whom we have been working for many years, applies strict testing criteria and is guided by the recommendations and guidelines of the German Federal Office for Information Security (BSI), the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) and the requirements of the Payment Card Industry Data Security Standard (PCI DSS).The consulting company develops individual testing concepts for each product, which also take special requirements into account. This means that our customers and we can be really sure that our systems are immune to hacker attacks,” says Abdalla.