VeilMail Penetration Test - Executive Summary 

"It is clear that VeilMail has been built from the ground up to be the most secure messaging platform on the market today." 

- Steve Bryne, Director. Cyber Research Limited 

Turner Technologies engaged Cyber Research Limited to conduct a Penetration Test of the VeilMail B2B messaging system. The assessment was conducted on a dedicated test system of which we had unfettered access over an 8 week period from November 2014 to January 2015.

The focus of this engagement was to ascertain the security posture of VeilMail and to determine if implemented controls were adequate in protecting the confidentiality and integrity of VeilMail data.

VeilMail makes extensive use of Java and multiple layers of encryption. Throughout the extensive security assessment, Cyber Research Limited identified that VeilMail enforces sound security practices around authentication and protection of confidential data from transmission through to storage.

VeilMail provides valuable authentication controls and was effective in preventing external attacks. Cyber Research Limited was unable to bypass the authentication control to gain access to the application without valid credentials.

It is clear that VeilMail has been built from the ground up to be the most secure messaging platform on the market today.

Product comparison: VeilMail vs the rest

Similar competing  OTR (off the record) commercial products use encrypted communications across the Internet, but often store customer data in an unencrypted state on their own servers. Customers also share the vendor’s private networks and the vendor’s own shared servers. It may not be obvious if your data is harvested by NSA’s PRISM, other governments agencies, private groups or individuals.

Cyber Research Limited prefers the VeilMail architecture over other commercial products because it includes a bespoke secure server that runs on a proprietary developed virtual machine. The server is unique to the customers that need to communicate with each other, and is provided on premise within the customers own enterprise IT, allowing the customer to have complete control over who accesses the system and how.

Download the full report

Back To top