We recognize that by being supplier of security and authentication software, our clients puts a level of thrust into our hands. To live up to these requirements all SW-development and testing aims at securing the highest WEB-application security standards.
We recognize and accept the leading international WEB-application security standards formulated by multiple organizations:
The latest version of FastPass 3.5 has been tested against the tough requirements from all three standards by Indusface Pvt.Ltd. Indusface is an authorized scanning vendor and is used by more than 700 large companies and SW-developers world-wide to assure that WEB-applications are safe for users and organizations.
The scanning of FastPass included more than 5000 different types of attacks against the FastPass Cloud configuration.
The conclusion of all the tests is:
The application FastPass Password Manager v. 3.5.2 is free from any severe vulnerability threat and safe to carry out transaction. The Web Client and the Mobile Client for the FastPass system was found to be very secure as no vulnerabilities were uncovered in this security audit. The environment is tested against OWASP and SANS guidelines and the application was found safe against them. The tested environment passes the PCI scan requirements. Vulnerabilities with a risk level of medium (CVSS level 4.0) or higher were NOT discovered. The overall security level is noted as Very High
The security is attained using FastPass 3.5.2 (all product and Cloud configurations) combined with FastPassCorp hardening recommendations as documented in FastPass installation Manual.
FastPassCorp is committed to a continued emphasis on the highest security standards for the development of all our enterprise password self service SW-products and Cloud services for our customers.
See the Conclusion from Indusface: link to document
Get the full test document from Indusface: link to documents page
The PCI Security Standards Council touches the lives of hundreds of millions of people worldwide. A…
The PCI Security Standards Council touches the lives of hundreds of millions of people worldwide. A global organization, it maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe.
Who We Serve
We serve those who work with and are associated with payment cards. This includes: merchants of all sizes, financial institutions, point-of-sale vendors, and hardware and software developers who create and operate the global infrastructure for processing payments.
What We Do
There are two priorities for our work:
More info: WEB-security level: Very High!
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organizat…
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. We ask that the community look out for inappropriateuses of the OWASP brand including use of our name, logos, project names and other trademark issues.
There are thousands of active wiki users around the globe who review the changes to the site to help ensure quality. If you're new, you may want to check out our getting started page. As a global group of volunteers with over 42,000 participants, questions or comments should be sent to one of our many mailing lists or directed to the OWASP Contact Us Form.Help me choose
More info: WEB-security level: Very High!
The SANS Institute was established in 1989 as a cooperative research and education organization. Its…
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.Help me choose
More info: WEB-security level: Very High!
We found that FastPass was the only solution in the marketplace with the capability to deliver a fully-fledged solution that we could use for all of our customers. A solution is only good once deployed and we see that the new service based on FastPass is highly popular among our customers. We tested several products in the market and found that the FastPass product stood out clearly as the best product thanks to the easy implementation, single point of management and rich feature set. FastPass supports our strategy of the very best customer experience regardless of the time of day, says Per Werngren, CEO at IDE.
"The Portuguese Parliament was looking for a self-service password reset/unlock solution. We surveyed the market, and found some expensive and complex solutions. Then we discovered FastPass, which seemed to address all our requirements. We did a pilot installation, and were very pleased by the ease of use for both the administrator and the final user interface. We were even more pleased with the low cost for such a complete product. After we acquired the product, installation was a breeze and FastPass support helped us promptly in all our issues and questions. We had the product in full production in about one week after installation and initial testing. Now our users have a simple method to unlock/reset their passwords without contacting helpdesk, at any time of day or night and from everywhere they have Internet access."
Varde City Council needed to improve service for end-users working outside normal business hours, and wanted at the same time to reduce number of calls to the internal IT department. With more than 100 password related calls each month, Varde decided for FastPass to give users self-service for passwords. Varde has two priomary passwords : Windows/AD and an extermnal password from an IBM mainframe (KMD). With FastPass users now have self-service when a password is forgotten or lost. Within less than 3 months more than 80-85% of calls are now handled by users. See the comments from Lea Dragsbæk
Sonoco realized the need to reduce Help Desk expenses and quickly identified password resets as a target call volume. Sonoco had already made a large investment in their identity and access management infrastructure and they wished to capitalize on that with minimal additional investment. Sonoco and Logic Trends collectively identified FastPass’s Password Manager product due to the low licensing cost, low maintenance effort and strong integration with the Microsoft infrastructure.
Faced with a compliancy requirement from our US parent company, we surveyed the market for a tool that would help us to come into line with section 404 of the Sarbannes-Oxley Act, which requires our users to authenticate themselves to the environment and have the ability to manage their own passwords.
Exactly 21 days before the compliance date we found FastPass Password Manager with a connector to our AS/400 environment.
IT Intergroup worked with us to get the FastPass solution in place and we were compliant a week ahead of schedule. All our users are now able to authenticate and resset passwords from a simple browser interface
In the spring 2009 Tulsa Public Schools decided to implement FastPass Password Manager from FastPassCorp. IT-manager Kirk Damron says: "We needed to reduce the load on our Help Desk from numerous calls related to forgotten passwords". With 8000 employees and teachers and increasing complexities in passwords, the ‘forgotten password’ workload was significant.
Kirk Damron adds: "We needed a solution which was easy to implement and administrate, and easy to use for the end-users. FastPass has proved to be just that!"
Installation and implementation was done in just one day, and the continued roll-out to users has been effortless.