We've instructed an independent Cyber Security firm to conduct an External Vulnerability Scan of the PAAM Offsite Cloud Software App.
We take the privacy and security of user data held within PAAM very seriously. The hardware PAAM runs on is constantly monitored and frequently updated to maintain overall system integrity. PAAM's code is also scrutinised and optimised as required to avoid any vulnerabilities.
To be certain that user data is secure we regularly instruct an independent Cyber Security firm to conduct an External Vulnerability Scan of the PAAM Offsite Cloud Software App.
The test includes the following technical checks:
- Information Gathering to establish what information is already made available by the network itself that could be used to aid in identifying weaknesses.
- Foot-printing establishing the extent and composition of the infrastructure.
- Service Probing to identify all open ports, and what services are running on those ports.
The Vulnerability Assessment then includes:
- Validation Testing: VPN, DNS, Web and Mail
- Research: Knowledge bases, Vulnerability Databases and Local
- Passive: Metadata analysis and Traffic Monitoring
- Active: Full TCP/UDP Port Scans, Service Scans and Banner Grabbers
The results of the External vulnerability Scan are based on a CVSS (Common Vulnerability Scoring System).
Scores between 0.0 to 0.9 are informational.
Scores between 1.0 to 3.9 are defined as Low-risk issues.
Scores between 4.0 to 6.9 are defined as medium-risk issues and will usually be associated with the obtaining of some piece of specific information enumerated from the system but that could not actually be directly exploited.
Scores between 7.0 to 10.0 are defined as medium-risk issues and will usually be associated with the direct compromise of a system or application for the extraction of production data, system passwords or the introduction of malware.
The results PAAM achieved were (0 being no issues found):
We hope this reassures all PAAM users that their data is safe in the PAAM Offsite Cloud Software App.