Transactional Security Policy
Our servers are behind a physical Firewall, thus they are NOT directly connected to the Internet.
When a user communicates with our server through a computer's Web browser, Secure Sockets Layer (SSL) automatically protects the interactions over HTTPS (Hypertext Transfer Protocol Secure). Before logging into the site, the server checks to make sure an approved browser is being used. Actually we only use the strongest protocols TLS2.0 and TLS3.0, as TLS1.0, TLS1.1, SSL2 and SSL3 has been reported as insecure.
Regarding Transactional Security, we always use the following principles:
• We always use the latest stable version of the CMS (Content management system) platform, to improve the security of our engine.
• All our web site work with Secure Sockets Layer (SSL) technology to encrypt the data which is passed from customer to web server and back. We update our SSL certificate every three months.
• All our servers software is always up to date, to avoid non-updated server vulnerability.
• Additional controls as CAPTCHA to prevent automated attacks.
• We use WAF (Web Application Firewall) who filters, monitors, and blocks HTTP traffic to and from our CMS (Content management system) preventing attacks stemming from security flaws.
• Periodically we employ specialized websites for online security assessment, where thanks to our efforts to protect the security of our clients we have obtained the highest A + on rating Immuweb.com and SSLlabs.com, see below:
Immuniweb Web Security Test
Immuniweb SLL Security Test
SSLlabs SSL Security Test