The testing for Ludwig was performed under our Grey Box testing services.
We were contracted to test the web application. The Ludwig Assistant works in hand with the Silverfin accountancy cloud platform. Our work mainly consisted of checking the integration of Ludwig into Silverfin, to ensure there was no leakage of data.
Given the nature of the integration, we conducted a full test and checked in particular for some key vulnerabilities. These included:
- Authentication and Session Management
- Sensitive information disclosure
- Access control flaws
- Business logic flaws
Results
We discovered several vulnerabilities which required attention from the security team at Ludwig. Some of these were deemed critical to operational integrity and were patched immediately. Following the patch, our team revisited the application and conducted full sanity and regression testing.
“We have a good impression of how Cyrex has handled it. The results are certainly not trivial bugs. Fortunately, the report contains a clear description of the problem, including possible solutions and advice for further development. We are reassured that Ludwig Assistant is well secured.”
Ludwig