SECURITY AT BIZIMPLY
Maintaining the security, integrity, and confidentiality of your data is our top priority.
Frequently Asked Questions
Where are your servers located?
Our servers are hosted with Amazon Web Services (AWS) in the EU.
Who has access to the servers?
Only certain members of our team are authorised to access the servers. All employees are required to use a VPN when accessing the organisation's systems from any remote location.
What about physical security?
Do we Pen test?
Is the data encrypted?
Is the data shared?
What happens to photos that are taken on the iPad/Timestation?
Where do I report a security concern?
- We enforce strong coding guidelines.
- All Ajax response action pages are secured against being called directly.
- Included files cannot be linked to directly.
- Database query parameters are type-checked everywhere to protect against SQL injection attacks.
- URL and form parameters are type-checked everywhere so that malformed user requests are rejected before they are processed.
- All content that originates from a user is escaped with XSS filters, preventing cross-site scripting attacks.
- Integrated permission system prevents unauthorized access to objects.
- All logins, failed and successful, are logged.
- Incorrect login attempts over a user-defined threshold lock the account for a period of time.
- Changing a user's password automatically logs out all of that user's other sessions.
- Passwords are never sent via email.
- The database has character escaping turned off.
- Passwords are stored as bcrypt hashes; even with access to the database they cannot be read back, and bcrypt's work factor makes guessing them offline slow.
- Execution of multiple SQL statements in a single query is disabled, which blocks stacked-query SQL injection.
- Error reports are automatically emailed to developers, which also surfaces attack attempts that trigger errors.
- TLS (SSL) is used for all logins and is available as an option for any account using a Custom Domain.
- Policies include routine changing of server access passwords.
- All OS and middleware security updates are applied and routinely checked.
- All unnecessary services are disabled.
- High strength passwords, 2FA and IP restrictions are used.
- Debugging is only available from registered IP addresses.
- Execute permissions are disabled on the web folder to prevent uploaded files from being executed.
- Pending files are stored in a non-web-accessible location before being transferred to Amazon S3.
- Servers are in a highly secure location.
- Access to servers is limited to a few people.
- The firewall prevents access from unauthorized locations; only port 80 (plain HTTP), port 443 (HTTPS/TLS) and port 8840 (WebSocket) are open to the public.
- We monitor general Internet security threats and ensure all updates and hot fixes are promptly applied.
- We use a number of scripts and tools, such as SQL Power Injector, to test our interfaces.
- The QA team runs an API regression test suite.
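The following is an added example, not Bizimply's own code, showing how the login controls listed above fit together in practice: type-checked and parameterised single-statement SQL, salted slow password hashing, logging of every failed and successful login, lockout over a threshold, and invalidation of a user's other sessions on password change. The table names, the threshold and lockout period, and the in-memory SQLite store are assumptions made for the example; the page says bcrypt, and the example uses the standard library's PBKDF2 only so that it runs without a third-party package (with the bcrypt package the hash and verify calls become bcrypt.hashpw and bcrypt.checkpw).

```python
"""Added illustration of the login controls above (not Bizimply's code).
Schema, threshold, lockout period and the in-memory store are assumptions."""
import hashlib
import hmac
import os
import secrets
import sqlite3
import time

LOCKOUT_THRESHOLD = 5        # assumed: failed attempts before the account locks
LOCKOUT_SECONDS = 15 * 60    # assumed: how long the lock lasts
PBKDF2_ROUNDS = 100_000      # stand-in for bcrypt's work factor


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Stand-in for bcrypt.hashpw using only the stdlib."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    salt_hex = stored.split("$", 1)[0]
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


class AuthStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                password_hash TEXT, failed_attempts INTEGER DEFAULT 0,
                locked_until REAL DEFAULT 0);
            CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER);
            CREATE TABLE login_log (username TEXT, success INTEGER, ts REAL);
        """)

    def add_user(self, username, password):
        self.db.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                        (username, hash_password(password)))

    def _log(self, username, success):
        # Every attempt, failed or successful, is recorded.
        self.db.execute("INSERT INTO login_log VALUES (?, ?, ?)",
                        (username, int(success), time.time()))

    def login(self, username, password, now=None):
        """Returns 'locked', 'failed', or a new session token on success."""
        now = time.time() if now is None else now
        # Type-check request parameters before they reach the database.
        if not isinstance(username, str) or not isinstance(password, str) or len(username) > 64:
            self._log(str(username)[:64], False)
            return "failed"
        # Bound parameter: the value is never spliced into the SQL text, so
        # "admin' OR '1'='1" is just a username that matches nothing.
        row = self.db.execute(
            "SELECT id, password_hash, failed_attempts, locked_until "
            "FROM users WHERE username = ?", (username,)).fetchone()
        if row is None:
            self._log(username, False)
            return "failed"
        user_id, stored, failed, locked_until = row
        if locked_until > now:
            self._log(username, False)
            return "locked"
        if not verify_password(password, stored):
            failed += 1
            lock = now + LOCKOUT_SECONDS if failed >= LOCKOUT_THRESHOLD else 0
            self.db.execute("UPDATE users SET failed_attempts = ?, locked_until = ? WHERE id = ?",
                            (0 if lock else failed, lock, user_id))
            self._log(username, False)
            return "locked" if lock else "failed"
        self.db.execute("UPDATE users SET failed_attempts = 0, locked_until = 0 WHERE id = ?",
                        (user_id,))
        token = secrets.token_hex(16)
        self.db.execute("INSERT INTO sessions VALUES (?, ?)", (token, user_id))
        self._log(username, True)
        return token

    def change_password(self, token, new_password):
        row = self.db.execute("SELECT user_id FROM sessions WHERE token = ?", (token,)).fetchone()
        if row is None:
            return False
        (user_id,) = row
        self.db.execute("UPDATE users SET password_hash = ? WHERE id = ?",
                        (hash_password(new_password), user_id))
        # Log out every other session of this user; the session making the change stays.
        self.db.execute("DELETE FROM sessions WHERE user_id = ? AND token != ?", (user_id, token))
        return True

    def session_valid(self, token):
        return self.db.execute("SELECT 1 FROM sessions WHERE token = ?", (token,)).fetchone() is not None

    def failed_login_count(self, username):
        return self.db.execute("SELECT COUNT(*) FROM login_log WHERE username = ? AND success = 0",
                               (username,)).fetchone()[0]

    def stacked_query_rejected(self, tainted):
        """Shows why single-statement execution matters: even this deliberately unsafe,
        string-built query cannot run a stacked second statement under sqlite3.execute()."""
        try:
            self.db.execute(f"SELECT id FROM users WHERE username = '{tainted}'")
            return False
        except (sqlite3.ProgrammingError, sqlite3.Warning):   # "only execute one statement at a time"
            return True
```

The lockout branch resets the counter when it sets locked_until, so a locked account starts clean once the period expires; the session token is returned to the caller rather than stored in a cookie here only because the example has no HTTP layer.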