11. AES Encryption of Session Data: ALL session data stored temporarily in the server's memory heap is first encrypted with
AES (Advanced Encryption Standard) encryption. In the extremely unlikely event a hacker gains access to the server's memory, the only
data they will see is strongly encrypted. In addition, coding techniques such as the using directive are employed so that even the server's
stack data is destroyed immediately after the data is encrypted and added to the session.

12. Open Redirects: Open redirects can be used as a "man in the middle" attack vector.
If a web application uses open redirects without checking that the redirect only points
within its own domain, a hacker can send an unsuspecting user to a "duplicate" malicious site without the
user even knowing this has happened. The user is asked to log in on the malicious site (which looks
perfectly legit) and their information is recorded, but then they are redirected back to the correct
site none the wiser. Community Builder does NOT use open redirects at all, so this cannot be used as
an attack vector against Community Builder members!

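The check item 12 refers to, confirming that a redirect target stays within the site's own domain, sketched as an added example (not Community Builder's code). The origin `https://app.example.test`, the function name `safeRedirectTarget` and the sample targets are assumptions made up for illustration.

```javascript
// Added example: hypothetical helper, not Community Builder's code.
const APP_ORIGIN = "https://app.example.test"; // assumed site origin (placeholder)
const FALLBACK = "/"; // where the user is sent when a target is rejected

// Return a same-origin relative URL for `target`, or FALLBACK if it would leave the site.
function safeRedirectTarget(target, appOrigin = APP_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return FALLBACK;
  // URL parsers silently strip tab/CR/LF, which can hide a second slash,
  // so any control character is rejected outright.
  if (/[\u0000-\u001f\u007f]/.test(target)) return FALLBACK;
  let url;
  try {
    // Resolve exactly as a browser would: relative to our own origin.
    url = new URL(target, appOrigin);
  } catch {
    return FALLBACK; // unparseable input
  }
  // Compare the parsed origin (scheme + host + port), never a string prefix.
  if (url.origin !== new URL(appOrigin).origin) return FALLBACK;
  // A normalized path can still start with "//", which a browser would read
  // as a protocol-relative URL pointing at another host.
  if (url.pathname.startsWith("//")) return FALLBACK;
  // Re-emit only path, query and fragment so the redirect is always relative.
  return url.pathname + url.search + url.hash;
}

// Constructed sample targets (not taken from any real traffic).
const samples = [
  "/members/profile?id=7",                    // plain relative path: allowed
  "https://app.example.test/home#top",        // absolute, same origin: allowed
  "//other.example/login",                    // protocol-relative: rejected
  "/\\other.example/login",                   // backslash parsed as a slash: rejected
  "https://app.example.test@other.example/",  // real host follows the "@": rejected
  "https://app.example.test.other.example/",  // look-alike prefix: rejected
  "/a/..//other.example",                     // normalizes to "//other.example": rejected
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```
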
13. No Cookie Policy: We love Cookie Monster, but he would likely starve on Community Builder because we have no cookies. For
those who may be unaware, cookies can represent a security threat in certain cases. Using XSS (cross-site
scripting) attacks, hackers can steal your cookies and use them in a variety of malicious ways. Community
Builder does NOT use cookies... at all...period! This thwarts any possible attack vectors that use cookies
since there are none to steal...at all...period!