Rigorous tests assure security of toplevel solutions

Toplevel has specialised in developing efficient e-business software for a decade, facilitating secure transactional solutions over the internet/intranet for government and non-profit organisations. Customers including the Ministry Of Defence, Charity Commission, Foreign Office, local authorities, police and fire services have all incorporated Toplevel systems to improve their customer service through online access to application forms, membership systems, booking and status reporting.

Toplevel has always had a strong focus on security within its own R&D programme but it was Toplevel’s work with a mutual client that led the company to commission NTA Monitor, a specialist IT security consultancy, to undertake a thorough third-party review of Toplevel’s web application solution. Jane Roberts, Sales and Marketing Director at Toplevel explains: “We already had knowledge of NTA’s expertise and we were keen to assure our customers that they were receiving the best e-business solutions from us, not only in terms of reliability and ease of use but most importantly, security.”

The testing procedure took a total of 11 days and was implemented over two stages, culminating in NTA producing a ‘best practice’ Hardening Guide for Toplevel. Roy Hills, Technical Director at NTA Monitor comments: “Following an induction day at Toplevel’s offices, we undertook bench testing of the core features of the company’s software. NTA looked at the behaviour of the applications when under attack from threats such as a cross-site scripting and SQL injection, as well as how passwords were set up and stored. Initial findings and recommendations were fed back to Toplevel and adjustments to the software were quickly incorporated.”

A second testing phase showed that the Toplevel software was secure in all areas. This enabled NTA to produce the Toplevel Hardening Guide, which the company now makes available to its customers as a value add to the product they purchase. The Hardening Guide incorporates step by step advice for Toplevel customers on how to configure their servers to ensure maximum internet security.

Roy Hills continues: “The proactive approach Toplevel adopted in ensuring maximum security of its products was refreshing and their clients will benefit from this exercise.”

Jane Roberts concludes: “The NTA testing programme was a success on all fronts. The project went according to plan and our customers can now be safe in the knowledge that we can offer them the extra reassurance that Toplevel’s software has already been through a stringent third-party security testing process before they buy it.”

About NTA Monitor

NTA Monitor, www.nta-monitor.com, is a market leading, innovative Internet security testing, auditing and consultancy company that helps to protect its 500+ customers from loss of revenue and reputation.

The company provides a range of security services including vulnerability testing, web application testing, wireless infrastructure testing, BlackBerry and laptop security testing, IT risk assessments, security policy and procedure reviews and network architecture auditing in order to help prevent unauthorised access to organisation’s networks and data. NTA regularly finds new vulnerabilities through its test projects and research and development programmes.

NTA is a founder member of the CESG 'CHECK' scheme and the newly-founded CREST (Council for Registered Ethical Security Testers). NTA is also an Approved Scanning Vendor (ASV) under the Payment Card Industry Data Security Standard (PCI DSS).

For further information, please contact:
Jacqui Delbaere/Elaine Calvert
Delbaere Public Relations

Email : jacqui@delbaere.fsbusiness.co.uk
Tel: 0207 787 6218/ 07981 504468

Email: elaine.calvert@lineone.net
Tel: 07764 614113