By Mikkel Hald, 22/01/24
Some years ago WAYF developed and launched an entirely new platform for handling the login traffic between the federation's identity and service providers. Prior to the launch back in 2018, the platform was reviewed and okayed by the German company Hackmanit GmbH, who specialise in login security.
Since then the platform has been developed further, and even though this was done with solid security measures in place, WAYF wants to have the platform's security reviewed by external parties once in a while, particularly following larger changes to the code. Such a change was at hand when, early in 2023, we implemented support for OIDC, and so over the summer we had Hackmanit pen-test and code-review our platform once more.
The security review has confirmed that WAYF's platform is indeed very secure. Hackmanit's report of the review is publicly available and can be read in the firm’s blog post about the process.