Security is of utmost importance. We go way above the security measures put in place by all the companies
we have worked for previously. Protection of private information stored in the application is ensured by the
use of secure SSL connections. The use of CAPTCHA prevents "brute force" or "dictionary" login attacks.
We implement measures to avoid "session hijacking".
We store your passwords in the system but have no way of finding out what they are. We don't use
unencrypted connections to the server. This means no unencrypted FTP, RDP, SQL Server database connections or email connections like most IT companies have.
Access to web services is restricted to only allow validated user access. We use Google OAuth2 for the mobile app's connection to web services.
Encryption is used to obscure parts
of the web.config file such as the database connection strings section. We protect against
SQL injection, cross-site scripting and forged postbacks. We only allow certain IP addresses to
administer the server. From unauthorised IP addresses you can only send us email or use web pages.
We employ the principle of least privilege throughout our systems, especially with
SQL Server. We really are picky about security.
Database transactions are backed up hourly and a 7-day rolling full backup is made daily.
We keep an offsite backup of the application and data which is transferred offsite
The application is hosted on a dedicated Windows 2012 server which is monitored 24 hours a day.
The application is written in ASP.NET version 4.5. The data is stored in SQL Server 2012. The more graphical
features are developed using HTML5. Microsoft Silverlight is used but it is being phased out.