Security by default
Concretely, in-depth testing was carried out in the following areas: Configuration and Deployment, Authentication and identity management, Authorization, Session management, Input validation and Client-side.
All tests were conducted by a third-party specialist under real-life conditions and included many activities, among others:
A brute force attack is a trial-and-error method used to decode sensitive data. The most common applications for brute force attacks are cracking passwords and cracking encryption keys. Other common targets for brute force attacks are API keys and SSH logins. Brute force password attacks are often carried out by scripts or bots that target a website’s login page.
HTTP Strict Transport Security (HSTS) is a simple and widely supported standard to protect visitors by ensuring that their browsers always connect to a website over HTTPS. The business impact of not enforcing it is that an attacker suitably positioned on the same network as the victim could potentially cause the victim to connect to the application over insecure HTTP and sniff the traffic to obtain information or the victim’s authentication token.
Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website.
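A defensive check for the two protections described above, HSTS and an anti-clickjacking framing policy, as an added example that is not part of the original post: it audits a response's headers and reports which control passes or fails. The header sets in it are constructed samples, and the one-year max-age threshold is an assumption taken from common deployment guidance.

```python
# Added example, not code from the original post: audits an HTTP response's headers
# for the two controls the text describes, HSTS and a clickjacking (framing) defence.
# The header sets at the bottom are constructed sample input, not captured from any site.
HSTS_MIN_AGE = 31536000  # one year; assumed threshold taken from common deployment guidance

def parse_hsts(value):
    """Return (max-age seconds or None, includeSubDomains present) from an HSTS header."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name, val = name.lower(), val.strip().strip('"')
        if name == "max-age" and val.isdigit():
            max_age = int(val)
        elif name == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit_headers(headers):
    """Map each control to (passed, detail). Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    result = {}
    hsts = h.get("strict-transport-security")
    if hsts is None:
        result["hsts"] = (False, "header missing: first request can be downgraded to HTTP")
    else:
        age, subs = parse_hsts(hsts)
        if age is None or age < HSTS_MIN_AGE:
            result["hsts"] = (False, "max-age missing or shorter than one year: %r" % age)
        elif not subs:
            result["hsts"] = (False, "includeSubDomains missing")
        else:
            result["hsts"] = (True, hsts)
    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive must restrict framing
    xfo = h.get("x-frame-options", "").strip().upper()
    csp = h.get("content-security-policy", "")
    fa = [d.strip() for d in csp.split(";") if d.strip().lower().startswith("frame-ancestors")]
    if xfo in ("DENY", "SAMEORIGIN"):
        result["framing"] = (True, "X-Frame-Options: " + xfo)
    elif fa and "*" not in fa[0].split()[1:]:
        result["framing"] = (True, fa[0])
    else:
        result["framing"] = (False, "no X-Frame-Options or CSP frame-ancestors restriction")
    return result

# Constructed samples: a weak configuration beside a hardened one
WEAK = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=300"}
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}
```

Running `audit_headers(WEAK)` flags both controls, while `audit_headers(HARDENED)` passes both; a CSP with `frame-ancestors *` is treated as no restriction.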
After many other security checks, we can conclude that our platform has been extensively challenged and nothing has been compromised.
Security is an ‘always on’ battle and we will keep running these audits on a regular basis and make every necessary effort to ensure we stay best-in-class.