Security is of utmost importance. We go way above the security measures put in place by all the companies
we have worked for previously. Protection of private information stored in the application is ensured by the
use of secure SSL connections. The use of CAPTCHA and counting failed login attempts prevents "brute force" or "dictionary" login attacks.
We implement measures to avoid "session hijacking".
We store your passwords in the system but have no way of finding out what they are. We don't use
unencrypted connections to the server. This means no unencrypted FTP, RDP, SQL Server database connections or email connections of the kind most IT companies have.
Access to web services is restricted to validated users only. We use Google OAuth2 for the mobile app's connection to the web services.
We protect against SQL injection, cross-site scripting and forged postbacks. Administration is only allowed from certain IP addresses.
We use multi-factor authentication for all accounts when available.
We employ the principle of least privilege throughout our systems. We really are picky about security.
The application is hosted in the Microsoft Azure cloud.
The database and website are backed up every three hours. The file store and the backups are mirrored offsite by Microsoft.
We automatically download the database, file store and website backups to our premises daily, and if any fail we are notified repeatedly until the failure is fixed.
The application is written in ASP.NET. The data is stored in SQL Server. The more graphical
features are developed using HTML5. Microsoft Silverlight is used, but it is being phased out.