In order to ensure the security of Customer Data and Our Data, we employ the following techniques:
- A development and quality assurance methodology for security and privacy, developed over 10+ years and corresponding to industry best practices
- Leverage Microsoft Threat Modeling Methodology
- Follow Privacy Best Practices: Privacy Guidelines for Developing Software Products and Services
- Follow Security Guidelines for Development of Web Applications - Improving Web Application Security: Threats and Countermeasures
- Use specialized security tools, including Microsoft Anti-Cross Site Scripting Library
- Multi-level regular testing for all prevalent and dangerous security vulnerabilities: XSS, SQL injection, unauthenticated/unauthorized access
- Use an enterprise-strength platform: Microsoft .NET Framework (IIS 7.0, ASP.NET 2.0, Web Services, SQL Server 2005)
- Host on our own servers, and utilize:
  - Network Security
  - Intrusion Prevention Systems
  - Enterprise Firewall
  - Anti-Virus Protection
- Our deployment and maintenance protocols include:
  - Secure configuration of Web server and Database server
  - SSL (encrypted) connection between the web server and database server
  - Up-to-date configuration and patches for the operating system and software components
  - Authorization procedures for personnel involved in maintenance and deployment
- Ongoing activity monitoring to identify security attacks and prevent vulnerabilities
- Constant monitoring of industry developments regarding new attack vectors and vulnerabilities, and of development approaches for building secure systems