OWASP Alignment

eXpress badging® builds the Veonics® Portal and related services with security “baked in, not bolted on.”

🛡️ To achieve this, we align our development, input validation, and data handling practices with the OWASP (Open Worldwide Application Security Project) recommendations — the global community standard for secure application design.


🌍 What is OWASP?

  • A nonprofit foundation improving software security worldwide.

  • Publishes the OWASP Top 10 — the 10 most critical security risks for web applications.

  • Provides best practices for secure coding, testing, and deployment.

🔗 Learn more: OWASP Official Site


🔑 How We Apply OWASP Recommendations

1. 🔐 Injection Prevention

  • All database access uses parameterized queries.

  • No direct concatenation of user input into SQL statements.
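The two patterns above side by side, as an added illustration (not eXpress badging's own code): a lookup that splices user input into the SQL text versus the same lookup with a bound parameter, run against a constructed in-memory SQLite table so the difference in behaviour is observable. Table and row contents are invented for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration; not Portal data.
SAMPLE_USERS = [
    ("alice", "org-1"),
    ("bob", "org-1"),
    ("carol", "org-2"),
]


def make_db():
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, org TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_concatenated(conn, username):
    """The pattern the page forbids: user input concatenated into the statement.

    Quote characters in the input become SQL syntax, so a crafted value
    changes what the statement means instead of what it matches.
    """
    sql = "SELECT username, org FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """The pattern the page requires: fixed statement, value bound as a parameter.

    The driver hands the value to the engine separately from the SQL text,
    so every byte of the input is treated as data, never as syntax.
    """
    sql = "SELECT username, org FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"  # a value that is harmless only when bound
    print(lookup_concatenated(db, tautology))   # every row is returned
    print(lookup_parameterized(db, tautology))  # [] : no user has that name
```

The same rule applies to any SQL fragment that cannot be parameterized (table names, ORDER BY columns): those must come from a fixed allowlist in code, never from the request.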

2. 👥 Authentication & Session Security

  • Strong password enforcement.

  • MFA required for elevated accounts.

  • Automatic session timeouts (≤15 minutes idle).

3. 📦 Sensitive Data Protection

  • TLS 1.2+ encryption in transit.

  • AES-256 encryption at rest.

  • AWS KMS for key management.

4. 🖥️ Cross-Site Scripting (XSS) Defense

  • Input validation on all fields.

  • Output encoding before rendering back to users.
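An added example (not Portal code) of the two controls listed above working together: an allowlist validator for a display-name field, and output encoders chosen by the context the value lands in (element body, quoted attribute, URL query). The allowed character set, the field name and the rendered markup are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import quote

# Allowlist for a display-name field (assumed rule for this example):
# letters, digits, space, dot, apostrophe, hyphen; 1 to 64 characters.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 .'\-]{1,64}$")


def validate_display_name(value):
    """Input validation: accept only allowlisted characters. Returns (ok, cleaned)."""
    if not isinstance(value, str):
        return False, None
    value = value.strip()
    if not DISPLAY_NAME_RE.fullmatch(value):
        return False, None
    return True, value


def encode_for_html_body(value):
    """Encoding for text between tags: & < > " ' become entities."""
    return html.escape(value, quote=True)


def encode_for_html_attribute(value):
    """Encoding for a value inside a quoted attribute; the quotes are mandatory."""
    return html.escape(value, quote=True)


def encode_for_url_query(value):
    """Encoding for a value placed in a URL query string."""
    return quote(value, safe="")


def render_greeting(display_name):
    """Validate first, then encode for each output context even though validation passed.

    Encoding on output is the defence that holds if the validation rule is
    ever loosened or bypassed; rejected input is replaced, never echoed.
    """
    ok, clean = validate_display_name(display_name)
    if not ok:
        clean = "Guest"
    return (
        '<p title="' + encode_for_html_attribute(clean) + '">Welcome, '
        + encode_for_html_body(clean) + "</p>"
        '<a href="/profile?name=' + encode_for_url_query(clean) + '">Profile</a>'
    )


if __name__ == "__main__":
    print(render_greeting("O'Brien"))
    print(render_greeting("<img src=x onerror=alert(1)>"))  # rejected, renders Guest
```

Values placed inside a script block or an event-handler attribute need a JavaScript-specific encoder, which this example does not cover; the safe choice is not to place user data in those contexts at all.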

5. ⚙️ Security Configuration

  • AWS VPC segmentation, firewalls, and SOC monitoring.

  • Hardened servers and restricted ports.

6. 🎫 Access Control

  • Role-based access control (RBAC) with least privilege.

  • Segmentation by organization hierarchy in the Veonics® Portal.

7. 📂 File Upload Controls

  • Allowed file types: .jpg, .jpeg, .png, .gif only.

  • Malware scanning applied on all uploads.

  • Metadata validation to prevent disguised executables.
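An added example (not Portal code) of the upload checks listed above: the extension allowlist from the page, a size limit, a content check against each format's published magic number so a renamed executable is rejected whatever its extension says, and a hook where a real malware engine would be called. The size limit, the storage-name scheme and the `scanner` callable are assumptions for the illustration; the page does not say which scanning engine is used.

```python
import os
import secrets

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # from the page
MAX_UPLOAD_BYTES = 5 * 1024 * 1024                      # assumed limit

# Leading bytes of each allowed format, per the public format specifications.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
}


class UploadRejected(Exception):
    """Raised with a reason that is safe to log; the client gets a generic message."""


def check_upload(filename, data, scanner=None):
    """Validate an upload and return the metadata needed to store it safely.

    `scanner` is a hook for the real malware engine: a callable taking the
    bytes and returning True when they are clean (assumed interface).
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("size out of range")
    # Content must match the declared type; a PE or ELF header under a
    # .png name fails here even though the extension check passed.
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected("content does not match declared type")
    if scanner is not None and not scanner(data):
        raise UploadRejected("scanner flagged content")
    # Never reuse the client's name on disk: a random name removes path
    # tricks and double-extension games from the storage layer entirely.
    return {"ext": ext, "storage_name": secrets.token_hex(16) + ext}


if __name__ == "__main__":
    # Constructed payloads: a minimal PNG header and an executable header.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    exe = b"MZ\x90\x00" + b"\x00" * 32
    print(check_upload("badge.PNG", png))
    for name, blob in [("photo.exe.png", exe), ("photo.png.exe", png)]:
        try:
            check_upload(name, blob)
        except UploadRejected as err:
            print(name, "->", err)
```

Images that pass these checks should still be re-encoded by an image library before being served, which strips embedded metadata and any trailing content that a header check cannot see.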

8. 📜 Logging & Monitoring

  • System activity logged and monitored by a managed SOC.

  • Alerts generated for anomalous access or injection attempts.
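An added example (not the SOC's tooling) of the kind of rule logic that turns access logs into the alerts named above: it parses constructed web-server log lines and raises an alert for an injection-looking request, a burst of failed logins from one address, and a forbidden request to an admin path. Log format, paths, addresses and the failed-login threshold are all invented for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines (timestamp, client IP, method, path, status).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 GET /portal/badges?id=42 200
2024-05-01T10:00:03Z 203.0.113.5 GET /portal/badges?id=42'%20OR%201=1-- 500
2024-05-01T10:00:05Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:06Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:07Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:08Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:09Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:10Z 198.51.100.9 POST /portal/login 401
2024-05-01T10:00:12Z 192.0.2.77 GET /portal/admin/users 403
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Indicators of SQL injection probing in a URL-decoded path: a quote followed by
# a boolean tautology, a SQL comment terminator, or UNION SELECT.
INJECTION_RE = re.compile(r"'\s*(or|and)\s+\S+\s*=|--|union\s+select", re.IGNORECASE)

FAILED_LOGIN_THRESHOLD = 5  # assumed tuning value


def parse_line(line):
    """Return a record dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, method, path, status = m.groups()
    return {"ts": ts, "ip": ip, "method": method, "path": path, "status": int(status)}


def analyze(log_text):
    """Run the three rules over a log and return (kind, ip, detail) alerts in order."""
    alerts = []
    failed_logins = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # malformed lines are skipped, not trusted
        decoded = unquote(rec["path"])  # match on the decoded form, not the wire form
        if INJECTION_RE.search(decoded):
            alerts.append(("injection_attempt", rec["ip"], decoded))
        if rec["path"].endswith("/login") and rec["status"] == 401:
            failed_logins[rec["ip"]] += 1
            if failed_logins[rec["ip"]] == FAILED_LOGIN_THRESHOLD:  # fire once per source
                alerts.append(("auth_bruteforce", rec["ip"],
                               "%d failed logins" % FAILED_LOGIN_THRESHOLD))
        if rec["status"] == 403 and "/admin/" in rec["path"]:
            alerts.append(("unauthorized_admin_access", rec["ip"], rec["path"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG):
        print(kind, ip, detail)
```

Rules like these are a starting point, not the whole detection: a production pipeline would also correlate across sources, track time windows rather than raw counts, and feed into a ticket for the SOC rather than a print statement.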

9. 📚 Secure Dependencies

  • Development libraries monitored and patched regularly.

  • Deprecated components replaced proactively.

10. 🧪 Security Testing

  • Quarterly penetration tests and vulnerability scans.

  • Code review and QA testing aligned with secure SDLC.


📊 NIST CSF 2.0 Alignment

| Function | OWASP Example |
| --- | --- |
| Identify (ID) | Risks mapped to OWASP Top 10 |
| Protect (PR) | Input validation, parameterized queries, file restrictions |
| Detect (DE) | SOC monitoring of logs and anomalies |
| Respond (RS) | Incident escalation per Breach Response Plan |
| Recover (RC) | Patch deployment and quarterly pen test reviews |
| Govern (GV) | Management-approved secure coding standards |
