V-Report Web Security
V-Report has upgraded it web security to ensure it meets International standards and safeguards the data and content of its website.With the installation of a market leading Web Application Firewall we are confident that in terms of website security V-Report in the background screening industry and many others has no equal in the South African market.
How a WAF Protects Against the OWASP Top 10 Threats
Injection
Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.
Insecure direct object references may occur because applications do not always verify that the user is authorized for the target object. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
Cross-Site Request Forgery (CSRF)
A CSRF attack creates forged HTTP requests and tricks a victim into submitting them via image tags, XSS, or other techniques. If the user is authenticated, the attacker succeeds. CSRF takes advantage of Web applications that allow attackers to predict all the details of the transaction. Since browsers send credentials like session cookies automatically, attackers can create malicious web pages which generate forged requests that are indistinguishable from legitimate ones.
Security Misconfiguration
Security misconfiguration can happen at any level of an application attack, including the platform, web server, application server, framework, and custom code. Such flaws can give attackers access to default accounts, unused pages, unpatched flaws, unprotected files, and directories to gain unauthorized access to system data.
Insecure Cryptographic Storage
Many web applications do not properly protect sensitive data such as credit cards, Social Security Numbers (SSNs), and authentication credentials with appropriate encryption or hashing. Attackers may use this weakly protected data to conduct identity theft, credit card fraud, or other crimes.
Failure to Restrict URL Access
Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations by accessing those URLs directly.
Insufficient Transport Layer Protection
Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid certificates, or do not use them correctly.
Invalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
SSL (Secure Socket Layer)
V-Report runs a 256 Bit encryption secure socket layer certificate that encryptes all data that is transmitted between web pages therefore no data can be stolen using packet sniffers etc.
CDN (Content Delivery Network)
V-Report in conjunction with its supplier uses TrueSpeed technology to distribute our content over our global content delivery network (CDN) - increasing website speed up to 40%.and reducing bandwidth at the same time. By doing this the V-Report website gets a huge performance boost, it become a faster site to use and the benefits is there for all our users in a great user experience.
PCI Compliance
As from January 2014 V-Report will be PCI Compliant in terms of legislation relating to the handling of credit card transactions. By accepting credit cards online, our website must comply with PCI DSS Standards.
