The number of threats targeting software is constantly increasing, making the security of computer systems a key element of business continuity and success. Not only the loss of business-sensitive data poses a threat - there are also fraud, malicious activity, theft of personal data and so on. While the security industry has mostly been focused on finding bugs and viruses, the mistakes in how software is designed, its weaknesses and flaws - such as insecure storage or not validating data properly - can also lead to security breaches. That is why many organizations want to be sure that software systems they use are flawless not only in supporting operations required for high-performance business, but in protecting them from the impact of security weaknesses as well.
Understanding the importance of independent expert opinion, ABBYY contracted NCC group to conduct a deep security assessment of its FlexiCapture software system to ensure that it fully complies with security policies of leading companies. ABBYY FlexiCapture is a data capture platform designed to automatically transform streams of documents across an enterprise into business-ready data. The product is often used to extract and process sensitive, confidential or personal information.
The security assessment was divided into two stages: FlexiCapture setup security review and web application security assessment. Web application assessments can be performed either remotely or on site, depending on the exposure of the application. The purpose of the assessment is to identify any vulnerabilities that can be exploited in order to attack the system or other users, bypass controls, escalate privileges, or extract sensitive data (for more information, see OWASP top ten web application security risks).
The application was viewed and manipulated from several perspectives, including with no credentials, user credentials, and privileged credentials. According to the results, ABBYY FlexiCapture successfully complied with the high security standards - no serious vulnerabilities were identified.