- HTTPS is used exclusively across the entire application for secure communication.
- AES-256 encryption is used to ensure the security of data, including encrypted cookies and session values.
- Authorization checks using policies and gates to ensure users have appropriate permissions and custom middleware is also used for specific security requirements.
- User passwords are stored as hashed values.
- Protection against dictionary attacks is provided by the use of the use of throttle and Rate Limiter middleware.
- Robust measures are taken to prevent SQL injection vulnerabilities, including input validation, sanitization, query binding, parameter binding, and escaping user inputs to prevent the embedding of user data into SQL statements.
- Measures are implemented to mitigate the risk of Cross-Site Scripting (XSS) & CRSF attacks using the Form Classes Token method to create a unique token for each form. This ensures the request must originate from the application itself and ensures forged requests are not mistakenly accepted.
- All files uploaded to the system undergo thorough scanning using antivirus software and are stored in an S3 private bucket.
- Database security is managed carefully, with regular security upgrades, enhanced password encryption, RBAC, and strict password policies. TLS encryption, controlled data masking protection, combined with a firewall and InnoDB encrypted tablespaces.
- Finally, we have implemented application logging to track activities, errors, and security-related events. These logs are monitored for suspicious activities and potential security breaches.
Address
Artillery House, 71-73 Woodbridge Road, Guildford, GU1 4QH
1 Westminster Bridge Road London, SE1 7XW
1 Westminster Bridge Road London, SE1 7XW