Trivsels resurser

For reference see [Link]. Our app is built on top of the Cordova Framework which we upgrade regularly whenever new version are released. As such, our apps are just a website run locally on the device while interacting with our API’s. This also means that the only code we maintain is javascript/HTML/CSS. M1 – Improper Platform UsageWe only ask for the permissions we need. Currently that is internet connectivity, data storage, push notification, device id (used by push) M2 – Insecure Data StorageWe only store a user token for the logged in user. No PII og health data is

All interactions between our web servers and database servers are carried out by Entity Framework which ensures that no SQL statements are written “by hand” and all values are parameterized. Also, we have applied SQL Database Threat Detection to capture any anomality.

Use [Link] or [Link] and [Link] for guidance. We used Detectify to stay up to date with the current OWASP Top 10

Our API’s uses JWT and like technologies to facility authentication and authorization. Furthermore, we use Azure AD (and Azure AD B2C) to detect malicious login attacks.

We strive to follow the SDL for Agile Development where applicable in our software lifecycle. Code modifications to security related modules (database access and filtering, authentication, authorization etc.) is marked for Security Review by another Team Member with the necessary training and seniority. We use filtering and escaping libraries the validate and mitigate XSS and Injection attacks. Furthermore, large parts of our authentication and cryptography relies on proven technologies like Azure AD, Azure AD B2C and Azure KeyVault.

We use Detectify to test our services for vulnerabilities on a weekly basis. The system scans for 500+ known attacks and constantly adding more. If any new vulnerabilities show up then our Security Team is notified automatically.

We use Detectify to test our services for vulnerabilities on a weekly basis. The system scans for 500+ known attacks and constantly adding more. If any new vulnerabilities show up then our Security Team is notified automatically.

Is available from Microsoft Azure and for further details please see document “WLB Security document.pdf”

Is available from Microsoft Azure and for further details please see document https://wlbpubliccontent.blob.core.windows.net/public/E-bog%20dokumenter/Technical%20Fact%20sheet.pdf

Microsoft Azure – SaaS