Feenics Achieves CA Veracode Verified Status

By Feenics

OTTAWA, Ontario – May 7, 2018 – Today Feenics announced that it participated in CA Technologies’ Veracode Verified program over the past 10 months, a stringent process that validates a company’s secure software development procedures, and has received the seal of Verified by Veracode. With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers Feenics to demonstrate its commitment to creating secure software.

When purchasing software, customers and prospects are demanding to understand how secure the software is. As part of CA Veracode Verified, Feenics can now demonstrate through a seal and provide an attestation letter from an industry leader that the application has undergone security testing as part of the development practice. Additionally, participating in the program ensures that our software meets a high standard of application security, reducing risk for the customer.

Organizations that had their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

  • Assesses first-party code with static analysis
  • Documents that the application does not allow Very High flaws in first-party code
  • Provides developers with remediation guidance when new flaws are introduced

Keep’s RESTful API scanned by Veracode in becoming Verified

The Keep API provides the developer with programmatic access to all the functionality of a deployed physical access control solution. From adding cardholders, to adjusting door schedules, modifying access levels or querying for hardware status, all activities are programmable through this unified, RESTful API.
In addition to the stateless HTTPS protocol, the API service also offers a live stream of events over a WebSocket connection. This stream of events can be used for live alarm monitoring, real-time data analysis and threat detection.
The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238).

“Feenics is committed to delivering secure code to help organizations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software,” said Asha May, CA Veracode.

Denis Hebert, President of Feenics, stated that “third party review and audit within our software development lifecycle is an essential part of the vulnerability assessment process, ensuring that Feenics does everything possible to mitigate cyber risk for our users.”

“As breaches become more prevalent, the electronic security industry has a responsibility to take every possible step to guard against potential threats that may be caused by weaknesses within its API. While quality assurances (QA) are steps that all manufacturers should take before release of any solution or additional functionality, Feenics believed it needed to take additional precautions – such as taking part in and being compliant with Veracode’s Verified program – to validate our solution, Keep, from those potential threats,” said Paul DiPeso, Executive Vice President, Feenics.

About Feenics*
Keep by Feenics™ is the industry’s most secure, on premise or cloud-hosted, integrated access control and security management solution. Featuring two-factor authentication, TLS encrypted field hardware and a secure SSL connection, Keep provides the end user with powerful features, using an easy-to-navigate user interface (UI) accessible via computer, tablet or smartphone. As a hosted platform, Keep reduces the total cost of ownership (TCO) by eliminating servers and appliances, while the UI is accessible anywhere there is an internet connection, providing peace of mind with full disaster recovery and redundancy. Designed by a leading industry integrator and innovator specifically for the systems integration and value-added reseller markets, Keep’s modular design scales from a single site to an enterprise environment. Keep monitors real-time events and pushes alarm or manual notifications out via email or SMS; locks down doors with a single click; creates badges; and integrates with leading providers of intrusion, video, wireless locks and accessories.
*All brand and company/product names are trademarks or registered trademarks of Feenics, all rights reserved.