The security of our clients is our priority
Expert knowledge, the outstanding proficiency of our dedicated staff and operational procedures based on a solid set of principles known as DIGITAL AGILITY – these are the MakoLab advantages that have enabled us to prepare our offer of security management services for web applications. The offer is available either in a modular variant, which allows clients to choose particular services, or as a complete process composed of subsequent phases, which establishes the full security of our clients’ web applications.
Service modules
- Generating awareness of security risks involved in possessing and operating web applications
- Control of the susceptibility of applications to online attacks – information leakages, injection attacks
- Control of security of applications and data – authentication, access, transmission channels
- Secure backup procedures (distributed backup – files stored in multiple locations, encryption of data)
- Automation and regular auditing
- Compliance with PCI DSS
- Tests of application performance
- Secure hosting – web application firewall, web proxy, ENX Network
A significant part of security management for web applications is based on tests conducted on a one-time or regular basis using the most relevant commercial and non-commercial tools for application security analysis (as selected by our experts), based on data provided by OWASP – the Open Web Application Security Project. We use the most renowned and highly recommended solutions – including the OWASP Top Ten:
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting (XSS)
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery (CSRF)
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards
Secure hosting solutions
- Securing applications by means of a layer 7 firewall (web application firewall)
- Securing data and applications according to PCI DSS guidelines, in an infrastructure built in line with these norms (separation of function, secure data transmission, access control, regular tests etc.)
- Transferring sensitive data by means of a dedicated and highly secure ENX network (European Network eXchange), with a terminal in MakoLab’s Data Centre
Additionally, we offer a remote secure backup service, which consists of storing sensitive data in encrypted archives and transmitting/synchronising them by means of encrypted communication channels. Data is stored in a minimum of two geographically separate locations. It is also possible to create backup copies of data on optical data carriers, which are stored in secure safes.
Our knowledge, experience and wide selection of services in the field of the security of web applications have been employed by clients such as Renault SAD and DIAC.