Security measures
What security measures are taken?
- The Linux servers and data are protected by a firewall. Access to the servers is managed through SSH. The Linux servers receive the latest upgrades and security patches monthly.
- The software is regularly subject to penetration tests or audits carried out by some of our clients. When improvements are identified, generic solutions are implemented where possible so that any application can benefit. Clients are allowed to audit the application after explicit approval from CrossmarX.
What monitoring is done?
- CrossmarX servers: workload and resource consumption. Action can be taken when anomalous values are observed.
- Applications: relevant entries. For example, when strangers make many failed login attempts on major entries.
- Illogical facts: unusually many requests and loops.
- The supplier of the virtual servers provides indications of DDoS attacks.
- The supplier of the virtual servers provides information about the health of switches and routers. When they are overloaded, a switch-over is made.
What specific measures are possible for my specific application?
- User login using SSL.
- Domain-specific certificate.
- Encrypted storage of passwords.
- IP authentication. Certain user groups may only access the application from allowed and known IP addresses.
- Enforce password strength.
- Encrypt specific fields and their values in the database (additional costs).
- You can analyse vulnerabilities and possible risks in the backstage.