Matrix42 performs a manual penetration test for each application once per calendar year. Both on-premises and SaaS variants are always tested, if available. The test is performed by an externally contracted company, which is the market leader in Germany in the field of penetration testing and also offers training and consulting in addition to the experience gained from numerous projects. We take the results from the penetration test very carefully and follow an internal guideline that specifies a time line in which something must be fixed, depending on the level of risk. Furthermore, a post-test is performed to verify the effectiveness of the vulnerability remediation. The manual penetration test is supported by an automated penetration test, which differs in scope and frequency depending on the application and system, such as Development, Test and Productive.
Another component of application security is the testing of product components in connection with supply chain attacks. The focus here is on reducing and eliminating attack surfaces that can be created by components. The review is carried out cyclically by an external company, analogous to the manual penetration test.
Matrix42 MyWorkspace is a multi-client SaaS solution that ensures that data cannot be read across clients through its rights and roles concept.