A security audit can serve several purposes, including informing third parties that a system is secure.
The demand for security can come from management, an investor, a partner or a client. Before entering into a contract, some buyers require evidence that pentests are routinely conducted on a software solution.
Other buyers are sensitive to some form of security label when choosing a solution or an IT supplier.
Vaadata can issue a seal of security approval or a security audit certificate following a pentest. For a company, these are more accessible deliverables than obtaining a certification (ISO27001, SOC2, PCI-DSS, etc.). In addition, performing a pentest is part of good safety practice, in order to subsequently obtain a certification.
The seals of security approval issued by Vaadata can be integrated in a Website, in commercial proposals, in online spaces reserved for clients, etc.
They highlight the fact that regular pentests are performed.
Vaadata offers four types of seals of security approval:
The security audit certificate is a document that can be communicated to customers and partners.
It is a private certificate, proving that a pentest performed by a trusted third party has been completed.
It attests that a platform or a digital solution has been exhaustively audited, and that all the flaws that could be identified have been subsequently corrected.
The certificate thus certifies a level of security reached at the date of its issue.
It is issued by Vaadata following a certifying integral security audit.
The main deliverable is the security audit report. It contains highly confidential information (details of the vulnerabilities identified during the pentest). However, the report or some of its extracts may be shared with partners or clients.
If the security audit report is not sufficiently “positive” to be communicated, it is possible to conduct a phase of validation of corrections to confirm that the identified security vulnerabilities have been corrected. Or a new audit may be performed with the same scope, in order to obtain a more positive audit report to be communicated to third parties.