Security Insight: Read our blog post on the evolution of Password Storage in MIDAS

Security Audits

Score Audit Audit Date Property Verification Notes
A+
 Qualys
(SSL Server Test)		 18th June 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
A+
 ImmuniWeb 18th June 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
A
 Security Headers 17th January 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
A
 UpGuard 18th June 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
B
 Mozilla Observatory 18th June 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
Cloudflare Radar 18th June 2024 mid.as
pentest.mid.as
midas.network		 [Verify]
[Verify]
[Verify]
Virus Total
(Virus Scan)		 18th June 2024 mid.as
midas.network		 [Verify]
[Verify]
Sucuri SiteCheck
(Malware Scan)		 18th June 2024 mid.as
midas.network		 [Verify]
[Verify]

Security Assessments

NCSC - SaaS Security Principles - MIDAS Evaluation (July 2024)
NCSC - SaaS Security Principles - MIDAS Evaluation (July 2023)
NCSC - SaaS Security Principles - MIDAS Evaluation (July 2022)
NCSC - SaaS Security Principles - MIDAS Evaluation (July 2021)

Security Testing

There are two main types of web application security testing; "Static" and "Dynamic".
Both testing methodologies can identify potential security flaws within software applications.
Each methodology is different, and we employ both types in the development cycle of our MIDAS software....

SAST

 Static Application Security Testing (SAST), or static code analysis, is a testing methodology that analyzes raw source code to find security vulnerabilities that could make software applications susceptible to attack. It's also sometimes known as "white box testing".

Here at MIDAS, we perform SAST as part of our routine development process. Our development tools automatically scan the MIDAS source code as we work on it, alerting us to any potential code vulnerabilities early in our software development life cycle (SDLC).

As this is a continuous and automated process, we do not produce and publish reports for our internal SAST.

DAST

 Dynamic Application Security Testing (DAST), sometimes referred to as "black box testing", differs from SAST. Where as SAST performs tests on raw source code, DAST facilitate the automated review of a web application - in our case MIDAS - with the expressed purpose of discovering security vulnerabilities.

DAST helps discover run-time and environment-related issues that would otherwise not be detected by means of SAST.

Whilst we perform our own internal dynamic application security testing, DAST is also a method by which external security researchers can uncover potential security issues within our software.

As part of our transparent approach to security, we endeavour to make DAST reports available upon request.