Secure application management
The following page describes secure application management:
- Periodic checks on permissions matrices
It is advised to regularly check the permissions defined in the blueprint. Consider making this a recurring task for someone in the organization, for instance every six months. Let the person responsible explicitly document that this check has been done and that the permissions are in order.
Pay special attention to the permissions of anonymous user groups. If the application is live, search bots also visit it as anonymous users. They crawl through all available URLs and can find unexpected gaps. By inspecting the permission matrix visually, this risk can be (partially) mitigated.
- Penetration test (pentest)
Using a ZAP vulnerability scan, the application is tested thoroughly for risks. It is tested for, among others, XSS, SQL injection, exposure of sensitive data, and many more risks. These scans are regularly updated to account for new risks. Crossmarx can conduct a pentest, but it is also possible to have it done by a third party. When having a third party do a pentest, always inform Crossmarx beforehand, as the test causes major irregular traffic on the server.
- Security audit
In a security audit, a Crossmarx employee inspects the custom-made parts of the application. It is checked for compliance with the secure development guidelines described in these pages. This may lead to advice and tips.
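The periodic check of anonymous group permissions described above can be partly automated. The following is an added example, not Crossmarx code and not based on the blueprint's real export format: it assumes the permissions matrix has been exported as CSV rows of group, target (an object or an object.field) and permission, and it assumes an anonymous group named "anonymous". The sample matrix and the list of sensitive fields are constructed. The script flags anonymous grants beyond read access, anonymous reads on sensitive fields, and object-level anonymous reads that would cover a sensitive field unless a field-level restriction exists; it also produces the record the reviewer is asked to keep.

```python
import csv
import io
from dataclasses import dataclass
from datetime import date

# Assumptions for this example: the anonymous group's name, the permissions
# an unauthenticated visitor may legitimately hold, and a constructed list of
# fields that must never be readable without authentication.
ANONYMOUS_GROUPS = {"anonymous"}
ALLOWED_FOR_ANONYMOUS = {"read"}
SENSITIVE_FIELDS = {"Person.email", "Person.phone", "User.passwordHash"}


@dataclass(frozen=True)
class Grant:
    group: str
    target: str      # "Person" (object level) or "Person.email" (field level)
    permission: str  # e.g. "read", "write", "delete", "admin"


@dataclass(frozen=True)
class Finding:
    grant: Grant
    reason: str


def load_matrix(csv_text: str) -> list[Grant]:
    """Parse an exported matrix with header 'group,target,permission' (assumed format)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        Grant(row["group"].strip(), row["target"].strip(), row["permission"].strip().lower())
        for row in reader
    ]


def review_anonymous_grants(grants: list[Grant]) -> list[Finding]:
    """Return every anonymous grant that a reviewer should look at."""
    findings = []
    for g in grants:
        if g.group not in ANONYMOUS_GROUPS:
            continue
        if g.permission not in ALLOWED_FOR_ANONYMOUS:
            findings.append(Finding(g, f"anonymous group holds '{g.permission}'; "
                                       f"only {sorted(ALLOWED_FOR_ANONYMOUS)} expected"))
            continue
        if g.target in SENSITIVE_FIELDS:
            findings.append(Finding(g, "anonymous read on a sensitive field"))
        elif "." not in g.target:
            # An object-level read covers all of its fields unless a field-level
            # restriction overrides it; list the sensitive fields it would expose.
            covered = sorted(f for f in SENSITIVE_FIELDS if f.startswith(g.target + "."))
            if covered:
                findings.append(Finding(g, f"object-level anonymous read may expose {covered}"))
    return findings


def review_record(findings: list[Finding], reviewer: str, when: date) -> dict:
    """The written record that the check was done and whether the matrix is in order."""
    return {
        "reviewer": reviewer,
        "date": when.isoformat(),
        "findings": len(findings),
        "in_order": not findings,
    }


# Constructed sample export; the last three anonymous rows are the problems.
SAMPLE_MATRIX = """\
group,target,permission
admin,Person,admin
employee,Person,read
employee,Person,write
anonymous,Article,read
anonymous,Person.email,read
anonymous,Article,write
anonymous,Person,read
"""

if __name__ == "__main__":
    found = review_anonymous_grants(load_matrix(SAMPLE_MATRIX))
    for f in found:
        print(f"{f.grant.group} {f.grant.permission} {f.grant.target}: {f.reason}")
    print(review_record(found, "reviewer@example.invalid", date.today()))
```

Run it against each exported matrix on the review date and keep the printed record with the review documentation; an empty findings list is the "permissions are in order" statement the page asks the reviewer to make explicit.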