HTTPS versus HTTP, the debate is over.



SSL is Secure Sockets Layer, i.e. HTTPS:// instead of HTTP://.

Every web page that is sent via HTTP:// is in plain text and can easily be intercepted, or even changed, via what is known as a "man in the middle" or "man on the side" attack.

Mobile network providers often "improve" HTTP web pages by injecting their own scripts and images, and these unwanted "improvements" often break the page being served. HTTPS prevents the carriers from being able to inject their own content.

Even when you only access the system via

How to test Access Control Limits (ACLs)?


Overview

Access Control Limits (ACLs) are the expression of the system's information security policies. They can be complex in nature, and it is vital that they are not only correct but also seen to be correct. The ACL sanity checks provide this business-level visibility into the information security policies.

All sanity checks in the base product are run as part of the system build process, which does not proceed if there are any failures.

The sanity checks allow for dummy data to be generated (but not saved) and the

Upgraded the default site SSL to get an A+ grade


Overview

The default SSL handler for the hosted sites has been upgraded to include "perfect forward secrecy", and we have dropped support for the weaker SSL ciphers.

Dropping the weaker SSL ciphers means old browsers such as IE7 on Windows XP will no longer be able to connect via HTTPS. IE7 will still be able to connect to the non-encrypted HTTP sites, or alternatively Windows XP users can use a more modern browser such as Chrome or Firefox.

HTTP Strict Transport Security (HSTS) has been enabled by default, HSTS
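The upgrade described above (forward secrecy, weak ciphers dropped, HSTS on by default) shown as a before/after server configuration. This is an added illustration, not the hosting platform's own configuration; it assumes nginx, and the host name and certificate paths are placeholders.

```nginx
# Added example, not the page's own config. Host name and cert paths are placeholders.

# Before: the legacy handler. Old protocols stay enabled and the cipher list
# still admits RC4, 3DES and static-RSA key exchange (no forward secrecy).
server {
    listen 443 ssl;
    server_name example.com;                  # placeholder
    ssl_certificate     /etc/ssl/site.crt;    # placeholder
    ssl_certificate_key /etc/ssl/site.key;    # placeholder

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers   HIGH:MEDIUM:!aNULL;
    # No Strict-Transport-Security header: a browser that is handed an
    # http:// link to this host will follow it in the clear.
}

# After: forward secrecy, weak ciphers dropped, HSTS enabled.
server {
    listen 443 ssl;
    server_name example.com;                  # placeholder
    ssl_certificate     /etc/ssl/site.crt;    # placeholder
    ssl_certificate_key /etc/ssl/site.key;    # placeholder

    # SSLv3 and TLS 1.0/1.1 are gone.
    ssl_protocols TLSv1.2 TLSv1.3;

    # ECDHE-only key exchange gives perfect forward secrecy. RC4, 3DES, MD5
    # and plain RSA key exchange are excluded explicitly; XP-era Schannel
    # only offers RC4/3DES, which is why IE7 on XP can no longer connect.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!RC4:!3DES';
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:prime256v1;

    # HSTS: browsers remember to use HTTPS for this host (and subdomains)
    # for one year, so later http:// requests never leave the client in clear.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

# The plain HTTP listener redirects rather than serving content, so there is
# no clear-text page for a carrier middlebox to rewrite.
server {
    listen 80;
    server_name example.com;                  # placeholder
    return 301 https://$host$request_uri;
}
```

After reloading, an external scanner such as the SSL Labs test will report the cipher/protocol set and whether the HSTS header is present, which is how the A+ grade mentioned above is checked.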