eXpress badging® builds the Veonics® Portal and related services with security “baked in, not bolted on.”
🛡️ To achieve this, we align our development, input validation, and data handling practices with the OWASP (Open Worldwide Application Security Project) recommendations — the global community standard for secure application design.
🌍 What is OWASP?
- A nonprofit foundation improving software security worldwide.
- Publishes the OWASP Top 10 — the 10 most critical security risks for web applications.
- Provides best practices for secure coding, testing, and deployment.
🔗 Learn more: OWASP Official Site
🔑 How We Apply OWASP Recommendations
1. 🔐 Injection Prevention
- All database access uses parameterized queries.
- No direct concatenation of user input into SQL statements.
2. 👥 Authentication & Session Security
- Strong password enforcement.
- MFA required for elevated accounts.
- Automatic session timeouts (≤15 minutes idle).
3. 📦 Sensitive Data Protection
- TLS 1.2+ encryption in transit.
- AES-256 encryption at rest.
- AWS KMS for key management.
4. 🖥️ Cross-Site Scripting (XSS) Defense
- Input validation on all fields.
- Output encoding before rendering back to users.
5. ⚙️ Security Configuration
- AWS VPC segmentation, firewalls, and SOC monitoring.
- Hardened servers and restricted ports.
6. 🎫 Access Control
- Role-based access control (RBAC) with least privilege.
- Segmentation by organization hierarchy in the Veonics® Portal.
7. 📂 File Upload Controls
- Allowed file types: .jpg, .jpeg, .png, .gif only.
- Malware scanning applied on all uploads.
- Metadata validation to prevent disguised executables.
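The extension allowlist and "disguised executable" check described above, as an added illustration that is not part of this page or of the Veonics® Portal code: the validator accepts only the four listed image types and then confirms the file's leading bytes match that type, so an executable renamed to .png is rejected. The executable signatures and sample file names are constructed for the example; the check complements, and does not replace, malware scanning.

```python
import os
from typing import Tuple

# Allowlisted extensions (the four the page names), each mapped to the
# leading bytes (file signature) a genuine file of that type must carry.
ALLOWED_SIGNATURES = {
    ".jpg":  [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png":  [b"\x89PNG\r\n\x1a\n"],
    ".gif":  [b"GIF87a", b"GIF89a"],
}

# Signatures of common executable containers: content starting with one of
# these is an executable whatever extension it claims. Illustrative set only;
# a real deployment pairs this check with malware scanning.
EXECUTABLE_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
}

def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). The extension allowlist runs first (so
    'photo.png.exe' is rejected on '.exe'), then the content is checked
    against executable signatures, then against the claimed image type."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension {ext or '(none)'} not allowed"
    for sig, name in EXECUTABLE_SIGNATURES.items():
        if data.startswith(sig):
            return False, f"{name} disguised as {ext}"
    if not any(data.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, f"content does not match the {ext} signature"
    return True, "ok"

# Constructed sample uploads (hypothetical names, minimal byte prefixes).
SAMPLES = [
    ("badge.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),  # genuine PNG header
    ("logo.PNG", b"MZ\x90\x00\x03\x00"),                 # PE bytes, .png name
    ("photo.png.exe", b"\xff\xd8\xff\xe0"),               # double extension
    ("script.jpg", b"#!/bin/sh\n"),                      # shell script
    ("anim.gif", b"GIF89a" + b"\x00" * 8),               # genuine GIF header
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        print(name, validate_upload(name, content))
```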
8. 📜 Logging & Monitoring
- System activity logged and monitored by a managed SOC.
- Alerts generated for anomalous access or injection attempts.
9. 📚 Secure Dependencies
- Development libraries monitored and patched regularly.
- Deprecated components replaced proactively.
10. 🧪 Security Testing
- Quarterly penetration tests and vulnerability scans.
- Code review and QA testing aligned with secure SDLC.
📊 NIST CSF 2.0 Alignment
| Function | OWASP Example |
|---|---|
| Identify (ID) | Risks mapped to OWASP Top 10 |
| Protect (PR) | Input validation, parameterized queries, file restrictions |
| Detect (DE) | SOC monitoring of logs and anomalies |
| Respond (RS) | Incident escalation per Breach Response Plan |
| Recover (RC) | Patch deployment and quarterly pen test reviews |
| Govern (GV) | Management-approved secure coding standards |