Application Level Security

Application

  • The system user’s passwords are securely stored in the database.
  • Sensitive data such as integration passwords, usernames and/or app keys is encrypted and stored in the database.
  • The system web APIs contain a built-in mechanism to prevent brute force attacks.
  • System access to DB includes a built-in mechanism to prevent SQL injection attacks.
  • Input validation is performed throughout the system for both client and server-side access.
  • Playbook/integration are performed by a dedicated Sandbox server with limited access credentials.

Penetration Testing

  • A full penetration test is performed on both appliance and application on a periodic basis.

OS Level Security

Network Access

  • All communication is performed via HTTPS
  • Network Access – Inbound & Outbound traffic is limited to all but necessary ports
  • The SSL is provided with a valid, signed certificate
  • Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.

Additional Software

  • Software installed on the appliance is limited to only required applications
  • All open source software is scanned for Open Source License Compliance.

Operating System Updates

  • The Appliances OS is kept up to date for every version release.

Vulnerability Scanning

  • The appliance is thoroughly scanned for vulnerabilities on every release, utilizing leading Vulnerability Scanning solutions.

Access Control

  • Strong user account credentials are enforced.
  • Accounts are locked after exceeding maximum login attempts.

Remote Agent Infrastructure

Remote Agents

  • All communication Remote Agents is performed via Job Publisher and limited to one-way communication.
  • The Job Publisher data store is encrypted with a key that is not stored locally on the server.
  • All data is deleted automatically after a set time period

Need more help with this?
Click here to open a Support ticket

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.