All accounts accessing our Azure-tenant requires 2FA through Azure AD. Database: We use Azure SQL Server instances which have all been set up with SQL Server Audit, Azure SQL Threat
https://www.microsoft.com/en-us/TrustCenter/Compliance/iso-iec-27018
We are designing our system around GDPR and we will comply and disclose data categories before May 2017, but we are not ready to disclose that information yet.
For reference see [Link]. Our app is built on top of the Cordova Framework which we upgrade regularly whenever new version are released. As such, our apps are just a
All interactions between our web servers and database servers are carried out by Entity Framework which ensures that no SQL statements are written “by hand” and all values are parameterized.
Use [Link] or [Link] and [Link] for guidance. We used Detectify to stay up to date with the current OWASP Top 10
Our API’s uses JWT and like technologies to facility authentication and authorization. Furthermore, we use Azure AD (and Azure AD B2C) to detect malicious login attacks.
We strive to follow the SDL for Agile Development where applicable in our software lifecycle. Code modifications to security related modules (database access and filtering, authentication, authorization etc.) is marked
We use Detectify to test our services for vulnerabilities on a weekly basis. The system scans for 500+ known attacks and constantly adding more. If any new vulnerabilities show up
We use Detectify to test our services for vulnerabilities on a weekly basis. The system scans for 500+ known attacks and constantly adding more. If any new vulnerabilities show up
