Security guidelines for Expertiza: Difference between revisions

From Expertiza_Wiki
Jump to navigation Jump to search
No edit summary
Line 11: Line 11:
Each of the security upgrades covered in this section contribute to the end goal of a more secure Expertiza.
Each of the security upgrades covered in this section contribute to the end goal of a more secure Expertiza.


===Encryption==
===Encryption===
A lot of information stored in the Expertiza database is personally identifiable. Expertiza now implements transparent encryption of the data at rest to ensure that a comprise of the actual
A lot of information stored in the Expertiza database is personally identifiable. Expertiza now implements transparent encryption of the data at rest to ensure that a comprise of the actual
database or data leak does not yield any useful information to the adversary. This satisfies Expertiza's security goal of ensuring confidentiality.
database or data leak does not yield any useful information to the adversary. This satisfies Expertiza's security goal of ensuring confidentiality.

Revision as of 15:05, 2 May 2018

Security Guidelines

Web applications such as Expertiza present a complex set of security issues for users, designers, and developers. The most secure and hack-resilient Web applications are those that have been built from the ground up with security in mind.

In addition to applying sound architectural and design practices, incorporate deployment considerations and corporate security policies during the early design phases. Failure to do so can result in applications that cannot be deployed on an existing infrastructure without compromising security.

This guideline presents a set of secure architecture and design guidelines we have followed to ensure that Expertiza is designed with security at it's core.


Security Upgrades

Each of the security upgrades covered in this section contribute to the end goal of a more secure Expertiza.

Encryption

A lot of information stored in the Expertiza database is personally identifiable. Expertiza now implements transparent encryption of the data at rest to ensure that a comprise of the actual database or data leak does not yield any useful information to the adversary. This satisfies Expertiza's security goal of ensuring confidentiality.