Steve D. Posted November 30, 2018 Share Posted November 30, 2018 Gents, I gave a second demo of the test environment to more of our InfoSec team this week. They continue to be impressed with the product, including a senior resource that is particularly hard to impress. (thanks for that. :)) I'm pretty sure pws is now the front runner for company wide password management tools that are being evaluated by them. I'm busy granting them access to the test environment so they can test configuration and do some pen testing themselves. They have been reviewing information on the www site and have run across references to CS having outside parties perform pentests on the product. They asked me to see if I could get more detailed information about that. What group/s performed the pentests, on what schedule, and perhaps a summary of results. They are evaluating how far they want to extend it at this point I suspect. Weather to expose it to the "outside" or contain it to the corporate lan. There is discussion of doing multiple implementations to break out types of lists and groups so breach of one implementation doesn't expose the entire environment. I'm working to show them the ease and speed which the product provides for correction once such a breach is detected but they may still want to split this into multiple implementations. They are also asking questions about something I asked previously regarding the ability to implement multiple www servers and filter list type access based on the www access point used. They want to prevent shared lists from being exposed on an access point deployed in the cloud for inet access while giving users access to their personal lists. VPN or secure lan access grants all lists. Can this be slotted as a feature request? Can you point me at more detailed info about the pentests please? Thanks, Steve D. Buckit 1 Link to comment Share on other sites More sharing options...
Steve D. Posted November 30, 2018 Author Share Posted November 30, 2018 tag (always forget to tick the notify me option) Link to comment Share on other sites More sharing options...
support Posted November 30, 2018 Share Posted November 30, 2018 Hi Steve, Thanks again for your request, and kind words I will email you directly over the weekend regarding this, as we don't like to publicly disclose certain information like this, as many customers are still on older builds of Passwordstate - and we do not wish to put them at risk. Regards Click Studios Buckit and Steve D. 1 1 Link to comment Share on other sites More sharing options...
Buckit Posted December 3, 2018 Share Posted December 3, 2018 You know? I wouldn't mind receiving similar information, because our environment is also under pretty close scrutiny... Link to comment Share on other sites More sharing options...
support Posted December 3, 2018 Share Posted December 3, 2018 Hi Buckit - just emailed you the same info. Regards Click Studios Buckit 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now