Перейти к содержанию

Results of external penetration tests of the StarVault secrets management system

Orion soft announced the results of testing the StarVault secrets management system, conducted by Cicada8 specialists. As a result of the penetration tests, two vulnerabilities related to access control and fault tolerance were eliminated.

The testing was conducted using the "gray box" method, simulating the actions of an experienced attacker with access to internal information and infrastructure. Experts checked the system for vulnerabilities that could allow a hacker to gain access to confidential data and platform components.

Following the work, patch StarVault 1.4.1 was released, which strengthened the access control mechanism and system fault tolerance. Alisher Kamalov, StarVault Product Lead at Orion soft, explained:

A secrets management system must meet strict security requirements, as it directly works with sensitive business information. External penetration tests allow us to conduct deeper system checks and more effectively improve its security. In addition, we are currently in the process of obtaining FSTEC certification, which will confirm StarVault's reliability for use in critical information infrastructure (CII).