The first layer of security is the set of built-in protections provided by Django, the Python-based web framework our application is built on. Those built-in protections include, but are not limited to: cross-site scripting (XSS) protection, cross-site request forgery (CSRF) protection, SQL injection protection, and clickjacking protection.
The second layer of protection comes from Cisco’s Duo MFA platform. Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. Duo is engineered to provide a simple, streamlined login experience for every user on Engages, and as a cloud-based solution, it integrates easily with our application.
All static files are stored using Amazon Simple Storage Service (Amazon S3). Amazon S3 is an object storage service that offers industry-leading scalability, data availability, and security. All computations are performed using Amazon Elastic Compute Cloud (Amazon EC2), which is a web service that provides secure, resizable compute capacity in the cloud.
For reference, XSS attacks allow a user to inject client-side scripts into the browsers of other users. CSRF attacks allow a malicious user to execute actions using the credentials of another user without that user’s knowledge or consent. SQL injection is a type of attack where a malicious user is able to execute arbitrary SQL code on a database. This can result in records being deleted or data being leaked. Clickjacking is a type of attack where a malicious site wraps another site in a frame. This attack can result in an unsuspecting user being tricked into performing unintended actions on the target site.