TAG Video Systems Earns High Marks on OWASP Security Audit
TAG Video Systems has received high marks for its security protocols following a rigorous and thorough two-part audit based on criteria developed by the Open Web Application Security Project (OWASP). According to Paul Briscoe, TAG’s chief architect, the results of this audit are a testament to the company’s success in providing heightened security to its customers. TAG provides 100% SW, 100% IP, 100% COTS/Cloud, Probing, Monitoring and Multiviewing solutions, for all four of the major broadcast applications (Live Production, Playout, Delivery and OTT).
“One of the hottest topics today is security,” explained Briscoe. “Our customers deserve to know that their systems are pristine and their most valuable asset – their content, is safe. TAG supports all the standard safety protocols such as HTTPS and FTPS, offers Proxy capabilities to prevent unauthorized Internet access, and is constantly integrating updated security levels into our MCM-9000. We welcomed the opportunity to be audited and we’re proud to announce that the audit verified the effectiveness of our safety protocols.”
The security of TAG’s software-based MCM-9000 Multiviewer and monitoring solution was the subject of the dual-phased audit. The first part, Penetration Testing, assessed the solution’s ability to withstand breach attempts aimed at harming the system itself, or at gaining access to other applications on the infrastructure. TAG’s MCM-9000 scored high marks, proving itself resistant to unauthorized access.
Phase two of the audit, developed by OWASP and known as the Application Security Verification Standard (ASVS), evaluated the MCM-9000’s ability to address and mitigate the TOP 10 most critical security risks facing web developers and applications, including: injection flaws, broken authentication and access control, sensitive data exposure, poorly configured XML processors, security misconfiguration, cross-scripting flaws, insecure deserialization, vulnerable components and insufficient logging and monitoring. Phase two examined the procedures that were undertaken to develop the software and the security processes implemented to safeguard the data against risks. TAG’s MCM-9000 was verified for compliance with ASVS Levels 1 and 2, the stages that address applications containing sensitive data.
“Our MCM-9000 not only met the criteria set forth by OWASP but surpassed expectations,” added Briscoe. “We’re beyond pleased that our customers can be secure in the fact that their data and internal systems, and in turn their revenues, are securely protected from content hackers. This confirmation goes a long way to providing peace of mind for content owners.”