Security
The technical frameworks we employ provide solid authentication and authorization mechanisms to protect the applications from all threats. Care is taken to plug injection vulnerabilities and prevent information leakages. Audit logging and SSL protocols are used where appropriate.
Authentication mechanisms protect the application from spoofing attacks, dictionary attacks, session hijacking, and other types of attack. Platform-supported authentication mechanisms such as Windows Authentication are used when possible. Account management best practices such as account lockouts, strong password policies and password expirations are enforced.
Authorization frameworks are designed into the system to prevent unauthorized information disclosure, data tampering, and elevation of privileges. Granularity of authorization settings can be maintained at a level that offers flexibility without increasing the authorization management overheads.
We employ effective exception management strategies that prevent sensitive exception details from being revealed to the user and help to avoid leaving your application in an inconsistent state in the event of an error.
We follow the principle of client-side validation for user experience, and server-side validation for security. All user interaction elements are designed to prevent cross-site scripting attacks, SQL injection attacks, buffer overflows, and other types of input attack.
Activities across the system, including user management events, unusual activities and business-critical operations, are audited and logged. These logs can be used to detect suspicious activity, which frequently provides early indications of an attack on the system, and help to address the repudiation threat where users deny their actions.
APIs and external frameworks are audited and validated to ensure they do not contain vulnerabilities. SSL protocols are employed to protect the confidentiality and integrity of data exchanges where appropriate.
