    System security overview

    stSoftware secures our systems by following industry best practices for the whole of the SDLC

    Overview

    stSoftware designs systems to meet or exceed all aspects of the Australian Government Protective Security Policy Framework (PSPF). At stSoftware, we take security very seriously. Our ephemeral workload servers are locked down so that they can be accessed only via bastion hosts; the support team can reach the bastion hosts themselves only over secure shell from specific IP addresses.


    stSoftware follows Infrastructure as Code principles for all AWS services.

    Network design

    Best practice network design for a fully redundant, fault-tolerant stSoftware server cluster has:

    Server Lockdown

    All Linux servers are locked down to the highest security standards possible. All services are off by default and all ports are shut; only the required services are started.

    Password Management

    The system administrator can configure the system password options to find the correct balance between convenience and security. Job Track application administrators can also configure the password and login options at the user level.

    Job Track Data Access Layer 

    All protocols access the underlying data through the DAL (data access layer). There is NO direct access to the underlying data store, no matter which protocol is used. Each protocol accepts a request to read or write data, performs its own protocol-level validation, and then passes the request on to the DAL, which validates the request, checks the user's access rights and performs any further validation before returning the result.

    Standard SQL injection and cross-site scripting (XSS) attacks are performed against each component as part of normal nightly unit testing.
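    The following is an added illustration of the two points above, a single data access gate plus a nightly-style injection check; it is not stSoftware's own code, and Python with sqlite3 stands in for the product's Java stack. The table, roles and sample rows are constructed for the example, and the DAL checks the caller's role before every read or write and binds every value as a parameter so that injection strings remain literal data.

```python
import sqlite3
from collections import namedtuple

User = namedtuple("User", "name roles")  # roles is a set of role names

class AccessDenied(PermissionError):
    """Raised by the DAL when the caller lacks the required role."""

class JobDAL:
    """Single gate to the data store: every read and write passes through here."""
    def __init__(self):
        # Constructed in-memory sample data standing in for the real store.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE job (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
        self.db.executemany("INSERT INTO job (owner, title) VALUES (?, ?)", [("alice", "Audit firewall"), ("bob", "Patch bastion")])

    def _require(self, user, role):
        if role not in user.roles:
            raise AccessDenied(f"{user.name} lacks role {role!r}")

    def find_jobs(self, user, owner):
        # Read path: access check first, then a bound parameter (never concatenation).
        self._require(user, "reader")
        rows = self.db.execute("SELECT title FROM job WHERE owner = ?", (owner,))
        return [r[0] for r in rows]

    def update_title(self, user, job_id, title):
        # Write path: access check, input validation, bound parameters; returns rows changed.
        self._require(user, "writer")
        if not isinstance(job_id, int) or not 0 < len(title) <= 200:
            raise ValueError("invalid job update")
        cur = self.db.execute("UPDATE job SET title = ? WHERE id = ?", (title, job_id))
        self.db.commit()
        return cur.rowcount

# Classic injection strings used by a nightly-style check; they must behave as plain data.
INJECTION_SAMPLES = ["' OR '1'='1", "alice'; DROP TABLE job; --"]

def injection_probe(dal, user):
    """True if no sample matches any row and the table is still intact afterwards."""
    if any(dal.find_jobs(user, sample) for sample in INJECTION_SAMPLES):
        return False
    return dal.find_jobs(user, "alice") == ["Audit firewall"]

def is_denied(fn, *args):
    try:
        fn(*args)
        return False
    except AccessDenied:
        return True
```

    Run `injection_probe(JobDAL(), User("nightly", frozenset({"reader"})))` as part of a scheduled test; a False result means a bound parameter has been replaced by string building somewhere in the read path.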
