See what makes our portals highly secure!
May 16, 2016
Here at C1 India, it has been our commitment to deliver safe, secure and reliable tendering and auction solutions. Every portal developed by us complies with the highest standards of security and adheres to all the government guidelines like STQC and CVC among others. We understand the relevance of a secure tendering or auction portal, as the transactions carried out on these portals are enormous and the data is highly confidential.
Have a quick look at the state-of-the-art security features we have incorporated in our portals to make them highly secure:
- SSL enabled: SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. Our portals have this technology enabled in them.
- PKI (Public Key Infrastructure) enabled: A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers both to securely exchange data over networks and the Internet and to verify the identity of the other party. This can be achieved with or without a Digital Signature Certificate (DSC).
- CAPTCHA enabled: CAPTCHA is a challenge-response test designed to distinguish humans from computers. This technology is used to prevent the Brute Force Attack, in which an attacker configures predefined values, makes requests to the server using those values and analyses the server response. It is also used to prevent spammers from sabotaging the portal.
- User password kept in hashed (SHA1) format: This step ensures that the passwords used to log in to the portals are secured, since they are stored within the database; it also serves to achieve the Two Factor Authentication.
- Two Factor Authentication: This ensures that the user’s claimed identity is confirmed using a combination of two factors:
- » Hash (User Id and Password together) Verification
- » Signature Verification through Digital Signature Certificates
- Audit Logs maintained: Each activity is recorded within the application with Log Id, Date & Time, User Id, Role, Activity Description, Activity Type, Machine IP address etc.
Each log record can be shipped to a log shipping server (on a third party’s or the client’s premises). The application audit logs and log shipping server can be verified at any point of time.
- Security framework: It intercepts all requests that come from the user and performs the following activities to validate the user’s request:
- » Hash verification of data: In this feature, the system creates a hash of the submitted data on the client’s machine using hashing algorithms, and the generated hash of the page is sent to the server with the client request data. On the server end, the server receives the client request (submitted data with page hash), generates the hash for the received data and matches it with the client’s page hash. If both hashes match, the framework allows the requested page to be shown to the end user; otherwise it redirects to an error page.
- » Checking for restricted words like ‘<script’, ‘/script>’, ‘onmouseover’, ‘prompt(’ etc., so that no malicious script runs on the server or client
- » Validates user’s session and their credentials
- » Access rights checks
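The exchange described in the hash verification item above, as an added example that is not C1 India's code: the client attaches a hash of the submitted fields, and the server recomputes it and compares. SHA-256, the JSON canonicalisation and all function and field names are assumptions, since the page names no algorithm or data format.

```python
import hashlib
import hmac
import json

def canonical_bytes(fields):
    """Serialise fields deterministically so client and server hash the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def page_hash(fields):
    """Hex SHA-256 digest of the canonical form data (algorithm is an assumption)."""
    return hashlib.sha256(canonical_bytes(fields)).hexdigest()

def build_request(fields):
    """Client side: attach the page hash to the submitted data."""
    return {"fields": dict(fields), "page_hash": page_hash(fields)}

def verify_request(request):
    """Server side: recompute the hash and pick the page to serve."""
    fields = request.get("fields")
    claimed = request.get("page_hash")
    # A missing or malformed hash is treated exactly like a mismatch.
    if not isinstance(fields, dict) or not isinstance(claimed, str):
        return "error_page"
    expected = page_hash(fields)
    # Constant-time comparison of the two hex digests.
    if hmac.compare_digest(expected.encode("ascii"),
                           claimed.encode("utf-8", "replace")):
        return "requested_page"
    return "error_page"

# Constructed sample data; the field names are illustrative only.
SAMPLE_FIELDS = {"tender_id": "T-1001", "bid_amount": "250000", "bidder": "user42"}

def demo():
    """Run the exchange for an intact, an altered and an incomplete request."""
    intact = build_request(SAMPLE_FIELDS)
    altered = build_request(SAMPLE_FIELDS)
    altered["fields"]["bid_amount"] = "999999"    # data changed after hashing
    incomplete = {"fields": dict(SAMPLE_FIELDS)}  # hash never arrived
    return [verify_request(r) for r in (intact, altered, incomplete)]

if __name__ == "__main__":
    print(demo())
```

Because the hash is unkeyed, a match shows only that the data and the hash agree with each other; establishing who sent them is the job of the session, credential and access-rights checks listed alongside it.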