Security Insight: Read our blog post on the evolution of Password Storage in MIDAS

Security Audits

| Score | Audit | Audit Date | Property | Verification | Notes |
|---|---|---|---|---|---|
| A+ | Qualys (SSL Server Test) | 16th March 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A+ | ImmuniWeb | 2nd April 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A+ | CryptCheck | 16th March 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A | Security Headers | 16th March 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| A | UpGuard | 16th March 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | |
| B | Web Cookies | 16th March 2021 | mid.as, pentest.mid.as, midas.network | [Verify], [Verify], [Verify] | B grade due to 3rd party services (i.e. Google Analytics & Cloudflare) |
| | Virus Total (Virus Scan) | 16th March 2021 | mid.as, midas.network | [Verify], [Verify] | |
| | Sucuri SiteCheck (Malware Scan) | 16th March 2021 | mid.as, midas.network | [Verify], [Verify] | |

Security Assessments

NCSC - SaaS Security Principles - MIDAS Evaluation (July 2020)

Security Testing

There are two main types of web application security testing: "Static" and "Dynamic".
Both testing methodologies can identify potential security flaws within software applications.
Each methodology is different, and we employ both types in the development cycle of our MIDAS software.

SAST

Static Application Security Testing (SAST), or static code analysis, is a testing methodology that analyzes raw source code to find security vulnerabilities that could make software applications susceptible to attack. It's also sometimes known as "white box testing".

Here at MIDAS, we perform SAST as part of our routine development process. Our development tools automatically scan the MIDAS source code as we work on it, alerting us to any potential code vulnerabilities early in our software development life cycle (SDLC).

As this is a continuous and automated process, we do not produce and publish reports for our internal SAST.

DAST

Dynamic Application Security Testing (DAST), sometimes referred to as "black box testing", differs from SAST. Whereas SAST performs tests on raw source code, DAST facilitates the automated review of a web application - in our case MIDAS - with the express purpose of discovering security vulnerabilities.

DAST helps discover run-time and environment-related issues that would otherwise not be detected by means of SAST.

Whilst we perform our own internal dynamic application security testing, DAST is also a method by which external security researchers can uncover potential security issues within our software.

As part of our transparent approach to security, we endeavour to make DAST reports available upon request.