We passed the JAM Pentest! But why did we do it in the first place?
Some background and information about the pentest at JAM Software.
What’s a pentest?
According to Wikipedia, a penetration test (also called a pentest) checks the security of as many network components as possible, using the same methods professional intruders use to gain unauthorized access and penetrate the company’s system. Hence, a pentest simulates an attack to make sure no hacker has a chance of entering the system.
Sounds interesting. That’s why we paid attention when Raimund, leader of our IT admin team, told us that JAM had passed a pentest as part of the reorganization of our server landscape. In this article, we want to explain what a pentest does, how it is carried out and why a pentest is so important to JAM and our customers.
If you dive into Google and search for “pentest”, you find not only the cited Wikipedia article but also a great variety of service offers for penetration testing. While the German Federal Office for Information Security offers pentests for other federal offices, private organizations look for companies that offer pentests on the free market.
We at JAM chose SVA System Vertrieb Alexander GmbH (called SVA hereafter) after being convinced by their catalog of services and their live presentation.
Pentest passed! Mathias from our IT admin team holding our certificate in his hands.
SVA carried out the pentest in two iterations. First, they scanned our public websites and our internal IT infrastructure completely and summarized the test results in a professional pentest report.
The JAM admin team then not only analyzed and fixed the code red issues right away but also enhanced components that were reported to have some moderate issues.
Then SVA did a retest to verify the fixes. While the first test results were already great, with the second test JAM Software received an official pentest certificate.
Why does the pentest certificate matter for JAM in the first place?
No question, the security of infrastructure and data in a modern, connected world is of the highest priority. But is it really worth the trouble of going through the whole process of a penetration test?
Talking to Christine from our customer support, the necessity became clear: the compliance requests of companies, institutions and agencies worldwide are getting more and more complex.
Therefore, the requirements for business partners get more demanding every day. IT security and supplier evaluation are becoming a purchasing criterion and no longer the exception. They are already an important part of supplier management.
To achieve high internal security standards, it has become necessary to let the professionals have a crack at your security system to reveal any possible weaknesses.
We at JAM want our customers to feel good while purchasing our products and decided to acquire an official certificate to make sure our system landscapes meet the highest security standards.