We are the proverbial “new kid on the block” and we have yet to prove ourselves. Security is something most people are concerned about on the internet, and rightfully so. Not every website is safe, and it takes constant attention and care to make and keep a website secure for its users.
In this post we would like to briefly discuss the actions we have taken to make your experience at Wisejay.com secure. Before we talk about that, let us look at how your computer or cell phone connects to a website.
A Simple Network
The picture above shows a very simplified network. The “Client” is the browser on your computer or cell phone. The “Web Server”, in our case, is the server from which we send the website contents to your browser. The “Database” is another server that holds the data you save using the website.
Believe it or not, many web attacks start in the browser. For example, in a Cross Site Scripting (XSS) attack, an attacker sends malicious code to your browser. The code is designed to steal your information from cookies, session tokens, etc. For example, it can give them access to your passwords for banking websites.
Data is transmitted through the internet in the form of datagram packets, with details of the sender and receiver in the header. Without proper encryption and authentication (proof that your browser is receiving information from a trusted source), any person with the necessary skills can intercept, send and receive data not meant for them. This is called a Man-in-the-Middle attack.
Server Side Attacks:
These attacks try to steal data from the database or make the server fail. For example, an SQL Injection attack places malicious code in user input so that the database receives a different query from the one the developers intended. Attackers can thereby read data without authorization or damage the database.
What we are Doing
Web security is a continuous process, and as we grow we will continue to make protecting your security on our website a priority.
As shown above, we have taken various steps to secure your experience. We will discuss some of them. We do not want to reveal all the details, because that could make us more vulnerable to attack.
Content Security Policy (CSP)
This is how Mozilla defines Content Security Policy:
“Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.”
A CSP is sent as part of the HTTP response headers and lets the browser decide which scripts or commands to run and which to ignore. We use strict CSPs to protect you from XSS and other types of attacks.
Secure Sockets Layer (SSL):
We use an SSL certificate provided by industry leader Comodo. This safeguards your data while in transit through encryption and authentication.
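What “strict” means in practice is easiest to see by comparing two policies. The following added example (not the site's own policy or code; both policy strings are constructed) parses a Content-Security-Policy header value and flags the settings that would still let injected script run: `'unsafe-inline'` without a nonce or hash, `'unsafe-eval'`, wildcard script sources, an unrestricted `object-src`, and a missing `base-uri`.

```python
# Constructed policies for illustration: a weak one and a strict one.
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' *; img-src *"
STRICT_POLICY = (
    "default-src 'none'; script-src 'self' 'nonce-r4nd0m'; style-src 'self'; "
    "img-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'self'"
)


def parse_csp(header):
    """Split a header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """Fetch directives (script-src, object-src, ...) fall back to default-src."""
    return policy[directive] if directive in policy else policy.get("default-src", [])


def audit_csp(header):
    """Return a list of weaknesses; an empty list means the script-related
    parts of the policy look strict."""
    policy = parse_csp(header)
    if "script-src" not in policy and "default-src" not in policy:
        return ["no script-src or default-src: any script may run"]
    findings = []
    scripts = effective_sources(policy, "script-src")
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present, so it is
    # only a problem when no nonce/hash accompanies it.
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in scripts
    )
    if "'unsafe-inline'" in scripts and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline': injected inline script would run")
    if "'unsafe-eval'" in scripts:
        findings.append("script-src allows 'unsafe-eval': string-to-code APIs are enabled")
    if any(s in ("*", "http:", "https:", "data:") for s in scripts):
        findings.append("script-src contains a wildcard or scheme-only source: scripts may load from anywhere")
    if effective_sources(policy, "object-src") != ["'none'"]:
        findings.append("object-src is not 'none': plugin content could execute script")
    if "base-uri" not in policy:
        findings.append("base-uri missing: an injected <base> tag could redirect relative script URLs")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, audit_csp(policy))
```

Running this on the weak policy lists four problems; the strict policy, which names every source explicitly and uses a per-response nonce for its own scripts, returns none.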
We use Amazon Web Services to host our website. AWS provides a firewall to protect web applications. It provides a network-based blocking mechanism: you can define which ports of the server can be accessed, from which IP addresses, and for what kind of data.
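The “which ports, from which IPs” rule style described above is an allow-list: anything not explicitly permitted is dropped. The added example below (not Wisejay's actual rules; the rule set, addresses and subnets are constructed and use documentation IP ranges) evaluates a packet against such a list and audits the list for the most common mistake, an administrative or database port opened to the whole internet.

```python
import ipaddress

# Constructed inbound allow-list: (port, protocol, permitted source CIDR).
RULES = [
    (443, "tcp", "0.0.0.0/0"),       # HTTPS from anywhere (the public website)
    (22, "tcp", "203.0.113.10/32"),  # SSH only from one admin address
    (5432, "tcp", "10.0.1.0/24"),    # database only from the web-tier subnet
]

# Ports that should never be reachable from the public internet.
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql", 5432: "postgresql", 27017: "mongodb"}


def is_allowed(rules, src_ip, port, proto="tcp"):
    """Default-deny: a connection passes only if some rule matches its
    destination port, protocol and source address."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        p == port and pr == proto and ip in ipaddress.ip_network(cidr)
        for p, pr, cidr in rules
    )


def audit_rules(rules):
    """Flag rules that expose a sensitive port to every address (prefix length 0)."""
    findings = []
    for port, proto, cidr in rules:
        if port in SENSITIVE_PORTS and ipaddress.ip_network(cidr).prefixlen == 0:
            findings.append(f"{SENSITIVE_PORTS[port]} port {port} open to {cidr}")
    return findings


if __name__ == "__main__":
    print(is_allowed(RULES, "198.51.100.7", 443))   # True: public HTTPS
    print(is_allowed(RULES, "198.51.100.7", 5432))  # False: database not reachable from outside
    print(is_allowed(RULES, "10.0.1.25", 5432))     # True: web tier may reach the database
    print(audit_rules(RULES))                        # []
    print(audit_rules([(5432, "tcp", "0.0.0.0/0")]))  # one finding
```

The audit is deliberately simple; it only catches the world-open case, which is the one worth checking first whenever a rule set changes.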
Server Security Settings
Our servers are configured to prevent various types of injection attacks.
Hashing of sensitive credentials
We hash sensitive user information such as passwords rather than storing it in plain text, to protect your privacy.
Access Control of Database
Access to the database and other resources is only allowed on a need-to-know basis.
Thank you for reading. For more information or concerns, write to us – firstname.lastname@example.org