Secure EventTracker

Security is a process, not a project

At EventTracker, we are always mindful of the trust that our customers place in us by installing and using our products. As part of our commitment, we are constantly reviewing our internal process and procedures during all phases of the engagement from the IT Security viewpoint. In the development phase, we follow the Security Development Lifecycle; an independent testing team uses standards based test cases and well known test tools. In the deployment phase, we provide detailed guidance on hardening the underlying platform and the EventTracker installation itself. In the maintenance phase, we ensure that patching and updates are subject to the same rigorous testing.

Standards

Documents

Security Tools

1. Design

  • Minimize default attack surface/Enable least privilege
  • Consider a Defense-in-depth approach
  • Consider past vulnerabilities
  • Deprecate outdated functionality
  • Enforce a secure default installation

3. Deployment

  • Least privilege deployment for both front and backend services
  • Reduced attack surface deployment
  • Automatic session expiration after a certain period of inactivity

2. Development

  • Adopt development security tools
  • Mandatory input validation for all untrusted inputs with a definable format, length, type and range. Otherwise, we mitigate risk with some other remediation depending on the risk (parameterized stored procedures, encoding, etc.)
  • Data encoding for all untrusted inputs using standard libraries
  • Enforce automated banned API replacement
  • Generic exception handling to help prevent information disclosure attacks
  • Self-code review using expert manual techniques and automated code analysis tools

5. Release & Maintenance

  • Ensure product team evaluates the severity of security bugs consistently
  • Disable tracing and debugging before Deploying ASP.NET Applications
  • Regularly perform vulnerability scanning using proprietary, commercial and open-source tools

4. Verification

  • Perform vulnerability assessment and penetration testing
  • Re-evaluate the attack surface of the software

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept