Press releases

APF video+ put to the test

22.06.2021

The smart video solution from AMETRAS vision withstood an OWASP 10 security test and passed the penetration test on its second attempt. APF video+ now leads users in the service centres of CEP depots and forwarding agents not only extremely quickly, but also securely to the package they are looking for! Customers can rely on the high security level of the software.

The security of APF video+ put to the Test
Earlier this year, the AMETRAS video solution went through a comprehensive external security audit. According to the standards of the Open Web Application Security Project (OWASP), the APF video+ software was tested for critical security vulnerabilities. The non-profit organisation OWASP regularly lists the ten biggest security risks of web applications.

The findings of this penetration test were analysed and categorised in detail, leading the AMETRAS development team to immediately get to work on closing the existing security gaps. The re-test carried out a few weeks later confirmed the effectiveness of the measures taken: APF video+ met all required security criteria according to the OWASP Top 10 - 2017 Vulnerability List.

Since April, all delivered releases have been classified as secure. Customers of previous releases also received the latest security patches in a special update process.

The most critical Security Vulnerabilities
The OWASP Top 10 Application Security Risks are:

  • A1. Injection
  • A2. Broken Authentication
  • A3. Sensitive Data Exposure
  • A4. XML External Entities (XXE)
  • A5. Broken Access Control
  • A6. Security Misconfiguration
  • A7. Cross-Site Scripting (XSS)
  • A8. Insecure Deserialization
  • A9. Using Components with Known Vulnerabilities
  • A10. Insufficient Logging & Monitoring

Meaning for AMETRAS vision customers
All customers who use the APF video+ video solution can therefore rely on the excellent programming quality of AMETRAS and be sure that the highest security requirements are met and data theft and third-party authentication are avoided at the latest security level.

Nevertheless, the audit can only be seen as a snapshot. However, as a security-aware company, AMETRAS vision will continue to undergo professional IT security examinations and be regularly tested by independent cybersecurity specialists in order to quickly close any possible new security gaps.

Cyber threats will remain. However, AMETRAS always keeps the security standards of its software up to date and thereby gives its customers the highest possible security in using APF video+.

You can download the complete presse release here:
Download: AMETRAS vision press release "Pentest APF video+" (167 KB)