We secure your information in a number of ways:

Coding guidelines and checks

  • We enforce strong coding guidelines. 
  • All Ajax response action pages are secured against being called directly. 
  • Included files cannot be linked to directly. 
  • Query parameter checking is used everywhere to type-check and secure against SQL injection attacks. 
  • URL and form parameter checking is used everywhere to type-check user requests and prevent attacks.
  • All content that originates from a user is escaped with XSS filters preventing Cross Site Scripting attacks. 
  • Integrated permission system prevents unauthorized access to objects. 
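The three controls above (type-checking request parameters, keeping user values out of SQL, and escaping user-originated content before it is rendered) shown together in an added Python example. This is not the vendor's code: the sample request parameters, the in-memory SQLite table and the `require_int` / `handle` helpers are constructed here for illustration.

```python
"""Added example (not the vendor's code): a type-checked parameter, a bound SQL
parameter and HTML escaping, the three checks the list above names."""
import html
import sqlite3

# Constructed sample request parameters, as a web framework would hand them to a
# page handler. "id" is not an integer and "name" carries markup.
SAMPLE_PARAMS = {"id": "1 OR 1=1", "page": "2", "name": "<script>alert(1)</script>"}


class ParameterError(ValueError):
    """Raised when a URL or form parameter fails its declared type check."""


def require_int(params, key, minimum=0):
    """Type-check one parameter as an integer >= minimum before it reaches SQL."""
    raw = params.get(key, "")
    if not raw.isdigit():
        raise ParameterError(f"{key} must be an integer, got {raw!r}")
    value = int(raw)
    if value < minimum:
        raise ParameterError(f"{key} must be >= {minimum}")
    return value


def build_db():
    """Constructed in-memory table standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "alice", "Q1 report"), (2, "bob", "<b>Bob's</b> notes")],
    )
    return conn


def fetch_document(conn, params):
    """Look up a document by its type-checked id. The value is passed as a bound
    parameter, so the database driver never interprets it as SQL text."""
    doc_id = require_int(params, "id", minimum=1)
    return conn.execute(
        "SELECT id, owner, title FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()


def render_title(title):
    """Escape user-originated text before it is placed in an HTML response."""
    return html.escape(title, quote=True)


def handle(conn, params):
    """Page handler: reject bad input with 400, unknown ids with 404, else render."""
    try:
        row = fetch_document(conn, params)
    except ParameterError as exc:
        return 400, str(exc)
    if row is None:
        return 404, "not found"
    return 200, f"<h1>{render_title(row[2])}</h1>"


if __name__ == "__main__":
    db = build_db()
    print(handle(db, SAMPLE_PARAMS))   # rejected: "id" is not an integer
    print(handle(db, {"id": "2"}))     # title rendered with its tags escaped
```

The type check rejects the request before any query is built, the `?` placeholder covers the case where a parameter legitimately is a string, and `html.escape` is applied at output time rather than at storage time so the stored title stays intact for non-HTML consumers.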

User Access

  • All logins, failed and successful, are logged.
  • Incorrect login attempts over a user-defined threshold lock the account for a period of time.
  • Changing a user's password automatically logs out all other sessions where that user is logged in.
  • Passwords are never sent via email
  • SSO via GSuite and federated login available depending on price plan

Database

  • The database has character escaping turned off. 
  • Passwords are stored in hashed format using Bcrypt - even with access to the database, passwords cannot be determined. 
  • Multiple-line SQL statement execution disabled to prevent SQL injection attacks. 
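The User Access controls above (logging every login attempt, locking an account once failures pass a threshold, and ending other sessions when a password changes) and the Database point about storing only password hashes, combined in one added Python example. This is not the vendor's code. The vendor states it uses Bcrypt; the example substitutes PBKDF2-HMAC-SHA256 from the standard library so it runs without a third-party package, and the threshold, lockout period, usernames and source IPs are assumed values chosen for illustration.

```python
"""Added example (not the vendor's code): login audit log, threshold lockout,
session invalidation on password change, salted password hashing."""
import hashlib
import hmac
import os
import secrets
import time

LOCKOUT_THRESHOLD = 5       # assumed: failed attempts before the account locks
LOCKOUT_SECONDS = 15 * 60   # assumed: lockout period
PBKDF2_ROUNDS = 100_000     # work factor for the stand-in KDF (product uses bcrypt)


def hash_password(password, salt=None):
    """Return (salt, digest). Only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of the recomputed digest against the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


class AuthService:
    def __init__(self, threshold=LOCKOUT_THRESHOLD,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self.users = {}      # username -> salt, digest, failures, locked_until
        self.sessions = {}   # session token -> username
        self.audit_log = []  # one record per login attempt, any outcome
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.clock = clock   # injectable so lockout expiry can be tested

    def register(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest,
                                "failures": 0, "locked_until": 0.0}

    def _log(self, username, outcome, source_ip):
        self.audit_log.append({"ts": self.clock(), "user": username,
                               "outcome": outcome, "ip": source_ip})

    def is_locked(self, username):
        return self.clock() < self.users[username]["locked_until"]

    def login(self, username, password, source_ip):
        """Return a session token on success, None otherwise. Every path logs."""
        now = self.clock()
        user = self.users.get(username)
        if user is None:
            self._log(username, "failed: unknown user", source_ip)
            return None
        if now < user["locked_until"]:
            self._log(username, "failed: account locked", source_ip)
            return None
        if not verify_password(password, user["salt"], user["digest"]):
            user["failures"] += 1
            if user["failures"] >= self.threshold:
                user["locked_until"] = now + self.lockout_seconds
                user["failures"] = 0
                self._log(username, "failed: threshold reached, locked", source_ip)
            else:
                self._log(username, "failed: bad password", source_ip)
            return None
        user["failures"] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        self._log(username, "success", source_ip)
        return token

    def change_password(self, token, new_password):
        """Store a fresh salt and hash, then drop every other session of this user
        so a session opened elsewhere does not survive the change."""
        username = self.sessions[token]
        salt, digest = hash_password(new_password)
        self.users[username].update(salt=salt, digest=digest)
        for other, owner in list(self.sessions.items()):
            if owner == username and other != token:
                del self.sessions[other]
```

The clock is injected so the lockout expiry can be exercised without sleeping; in a real deployment the `audit_log` entries would go to the same log pipeline that the "Server Setup" section says feeds developer alerts, which is where repeated "failed: bad password" lines from one source become visible.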

Server Setup

  • Error reports are automatically emailed to developers; these also reveal any hacking attempts.
  • High security SSL is used online for all logins and is an option for any accounts using a Custom Domain.
  • Policies include routine changing of server access passwords. 
  • All OS and middleware security updates applied and routinely checked. 
  • All unnecessary services are disabled. 
  • High strength passwords, 2FA and IP restrictions are used. 
  • Debugging only available to registered IP Addresses. 
  • Execute permissions disabled on web folder to prevent uploaded files from being executed. 
  • Pending files stored in non-web accessible location before being transferred to Amazon S3. 

Hosting

  • Servers are in a highly secure location. 
  • Access to servers is limited to a few people. 
  • Firewall prevents access from unauthorized locations (except for port 80 for basic HTTP, port 443 for SSL and port 8840 for the Websocket implementation).

Testing & Awareness

  • We monitor general Internet security threats and ensure all updates and hot fixes are promptly applied. 
  • We have a number of scripts and tools, such as SQL Power Injector, to test our interfaces.
  • The QA team uses an API regression test.