Security Audits

| Score | Audit | Audit Date | Property | Verification | Notes |
|---|---|---|---|---|---|
| A+ | SSL Server Test | 10th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A+ | ImmuniWeb | 10th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A+ | CryptCheck | 11th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A | Security Headers | 10th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A | UpGuard | 11th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| B | Web Cookies | 11th July 2020 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | B grade due to 3rd party services (i.e. Google Analytics & Cloudflare) |
| | Virus Scan | 10th July 2020 | mid.as, midas.network | [Verify], [Verify] | |

Security Assessments

NCSC - SaaS Security Principles - MIDAS Evaluation (July 2020)

Security Testing

There are two main types of web application security testing: "Static" and "Dynamic".
Both testing methodologies can identify potential security flaws within software applications.
Each methodology is different, and we employ both types in the development cycle of our MIDAS software.

SAST

Static Application Security Testing (SAST), or static code analysis, is a testing methodology that analyzes raw source code to find security vulnerabilities that could make software applications susceptible to attack. It's also sometimes known as "white box testing".

Here at MIDAS, we perform SAST as part of our routine development process. Our development tools automatically scan the MIDAS source code as we work on it, alerting us to any potential code vulnerabilities early in our software development life cycle (SDLC).

As this is a continuous and automated process, we do not produce and publish reports for our internal SAST.

DAST

Dynamic Application Security Testing (DAST), sometimes referred to as "black box testing", differs from SAST. Whereas SAST performs tests on raw source code, DAST facilitates the automated review of a web application - in our case MIDAS - with the express purpose of discovering security vulnerabilities.

DAST helps discover run-time and environment-related issues that would otherwise not be detected by means of SAST.

Whilst we perform our own internal dynamic application security testing, DAST is also a method by which external security researchers can uncover potential security issues within our software.

As part of our transparent approach to security, we endeavour to make DAST reports available upon request.