Eventure online stores personal data. For Parthen it is therefore of the utmost importance to protect this data. Several security measures have been implemented to ensure application and database security. Because this is company-critical information, these security measures are not described in detail.
Data communication is secured with SSL. The SSL certificate used is a Comodo Multi-Domain SSL certificate. Payment data and credit card numbers are handled and stored in the secure environment of the payment providers.
Measures against the OWASP Top 10:
The OWASP Top 10 comprises the 10 most common vulnerabilities in a web server or application. The application and the database have been protected against these vulnerabilities.
Security Assessment 2010:
In February 2010 a security assessment study was carried out by MADISON Gurkha BV. MADISON Gurkha is specialized in web security. On request they tried to access the data to determine the security of the application.
Security of the webservers:
Our infrastructure is double redundant (firewalls, switches etc). Traffic is captured at the firewall and proxy. Our web servers are hosted by Virtual Sciences. Their role is to ensure the security of the webservers. They maintain the firewall and anti-virus updates, apply software updates to the servers, perform other maintenance and monitor the performance. There is a 24/7 support contract with a response time to problems of within 2 hours.
Parthen's internal password policy consists of changing the Eventure administrator passwords every 2 months. Eventure doesn’t enforce a password policy on the user environment. Changing the password is the responsibility of the user. The password can only be changed by the Eventure administrators.
Disaster recovery and continuity management:
- The Eventure databases and application are redundant. In the event of an incident at the primary database, the standby database takes over. The same applies to the application. Both databases are continuously synchronized.
- Eventure runs in a virtualized environment. The virtual machines run in our private cloud and can be restored at any time within the virtualized environment. Our customer environments run on blade servers in a so-called blade chassis. Both the servers and the chassis have a failover mechanism. All hardware has 24x7 onsite support in the event something goes wrong.
- The data of Eventure is backed up daily (incremental), and a full backup takes place weekly. In an emergency, the data of the day before can be restored.
- The code of Eventure is stored in our repository system (SVN) and backed up daily. This means that the code is stored centrally.