The security of Particeep solutions
Particeep and OWASP
Particeep has successfully passed the OWASP (Open Web Application Security Project) tests.
OWASP is an online community that works on web application security.
Any current or prospective Particeep client company can carry out security tests on request to the support teams.
What security tests have been carried out on the Particeep solution?
Particeep has been tested against these main categories of security vulnerability:
- The risk of injection (SQL, ...),
- Risks linked to authentication management (session theft or password recovery),
- Risk of "Cross-Site Scripting": injection of content into a page, which causes unwanted actions on a Web page. This risk is handled in particular when editing the content of Particeep white-label solutions,
- Insecure Direct Object References: corresponds to vulnerabilities related to the IDs of displayed data; this requires setting up data access control,
- Security Misconfiguration: corresponds to configuration flaws linked to Web servers, applications, databases or frameworks,
- Sensitive Data Exposure: corresponds to security breaches related to sensitive data such as passwords, payment card numbers or personal data and the need to encrypt this data,
- Missing Function-Level Access Control: corresponds to security vulnerabilities linked to functionality access,
- Cross-Site Request Forgery (CSRF): corresponds to flaws related to the execution of requests without the user's knowledge,
- Using Components with Known Vulnerabilities: corresponds to vulnerabilities related to the use of third-party components,
- Unvalidated Redirects and Forwards: corresponds to flaws linked to generic redirects and forwards in applications.
Good to know: the Clever Cloud host used by Particeep in its "shared" version uses TLS version 1.1, which is lower than the version 1.2 recommended by OWASP. Particeep offers a dedicated hosting solution for this point (at additional cost, provided on estimate).
What are the results for Particeep?
Particeep has successfully passed an evaluation based on these criteria with several clients, one of which was carried out and approved by an international group of more than 100,000 employees.
Particeep is listed as an outsourced essential services provider to banking players such as Bred, Crédit Agricole, Crédit du Nord as well as Crédit Mutuel.