Salto.Avanti: High security level confirmed by independent experts

Salto.Avanti: High security level confirmed by independent experts

The online banking system for legal entities, Salto.Avanti, has successfully undergone two independent security assessments to evaluate its resilience against potential cyberattacks. These assessments, known as penetration tests, aimed to identify any vulnerabilities that could allow unauthorized access to client information or lead to data modification or destruction.

The testing focused on various types of attacks, including:

• Authentication vulnerabilities
• Flaws in authorization and access control mechanisms
• Insufficient defenses against attacks on the web application’s server components and its users
• Risks of confidential information disclosure
• Vulnerabilities in functions accessible to users
• Issues related to application configuration

Independent experts from the consulting firms Compliance Control and RTM Group evaluated the security of the Salto.Avanti system and rated it as high. No vulnerabilities were found that would enable malicious actors to access stored client data or perform unauthorized actions affecting client and banking information. The tests were conducted following the "black box" model, adhering to international security standards and guidelines such as PCI DSS, OWASP Testing Guide, OSSTMM, and CEH.

While no critical vulnerabilities were identified, the experts provided recommendations for addressing minor risks with low likelihoods of occurrence. These suggestions have been noted by the development team for future improvements. Along with JTC's internal secure development standards and strict compliance with The Сentral Bank of the Russian Federation requirements for security assessments, the involvement of independent experts contributes to the ongoing enhancement of Salto.Avanti's security.

Salto.Avanti represents a sophisticated suite of digital products and remote services meticulously crafted to empower banking institutions in the swift deployment of innovative digital banking solutions tailored for small and medium-sized businesses (SMBs) as well as corporate clients. Leveraging a solid microservice architecture, the Salto platform enables banks to seamlessly customize their service offerings by integrating specific modules and functionalities that align with their strategic objectives and operational priorities. This flexibility not only enhances the user experience but also positions banks to respond dynamically to the evolving needs of their clientele in an increasingly competitive landscape.