At Plan-IT, the security of users and their data is always paramount. To ensure this, an independent penetration test was conducted in early 2025 by NFIR*, a cybersecurity specialist.
The test focused on our most important web applications, including Plan-IT Werkplaats Web, Plan-IT Proefrit, Plan-IT Online, and Plan-IT Welkom. International standards such as OWASP WSTG, OWASP Top 10, and CVSS were followed. The goal was to identify vulnerabilities.
Plan-IT develops and manages applications that are used daily by hundreds of companies and thousands of users. “Because these systems are essential to our customers, we believe it’s important to continuously assess and improve their security. By engaging an independent party, we not only demonstrate our quality but also provide customers and partners with the assurance that our applications meet high security standards,” says Julian Hendriks, Managing Director of Plan-IT International.
During the first test in January 2025, 12 findings were identified. None of them were critical; Most were classified as high or medium and could be resolved quickly. A retest by NFIR followed in September 2025: 9 of the 12 findings were fully resolved. The remaining 3 were classified as medium or informational and pose no practical risk. All findings with a high risk classification have been resolved.
The results confirm that Plan-IT’s web applications are demonstrably well-secured. By regularly conducting independent testing and addressing findings immediately, Plan-IT offers customers and partners a secure and stable environment.
Security is not a one-time action for Plan-IT, but an ongoing process. “With continuous improvements and independent audits, we demonstrate that we take security very seriously. Customers can confidently rely on our products,” concludes Julian.