The system encrypts data using AES and RSA encryption technology with a two-tier encryption key, and decrypts the encrypted data with that same key. Encryption keys are specially generated and unique to each installation. Resolving or intercepting these keys can be called technically impossible.
The Status of Sensitive Data
All passwords and similar critical information entered on the system are encrypted with WISECP encryption technology and stored in the database. It is not possible to read or analyze this data in the database.
Database Access Security
In the WISECP database connection file, your database access information is never stored in plain text or in a simple form. It is automatically encrypted during the initial installation. When needed, you can update the encrypted database information in plain text, which is then automatically encrypted again.
WISECP has an advanced blacklist database that all users use in common. When you blacklist a customer, customer-identifying information is processed into the WISECP public database, and all WISECP users are alerted to account details when an account is created with relevant customer data. Optionally, you can block purchases of blacklisted customers and avoid possible fraudulent activity.
With the "Prohibited List", you can prevent the creation of an account or the purchase of new services with an unwanted "domain name, email, GSM number, and words". For example: if you don't want temporary email services or free email services (gmail, hotmail, etc.) to be used when creating an account, you can add the relevant domain addresses to the "Domain List" section. You can automatically block service purchases by adding phrases used for phishing and illegal activities to the "Word List".
You can block operations that are performed by using a Proxy/VPN or a server. This means that your customers cannot create accounts or perform many other operations without using a real IP address.
When the predetermined conditions (filters) occur, the document verification system comes into play and requires the customer to upload some documents to the system. For example: Identification, driver's license or passport etc. (Filters that can be used: Country/City | Age + Last Login Date + Account Type + Proxy/VPN Use + IP Subnet)
XSS, RFI Security
On the system, all data input is passed through the filter before it is stored. Security vulnerabilities such as XSS, RFI, etc. have no place on WISECP.
SQL Injection Security
All controls and tests related to the SQL Injection vulnerability have been carefully carried out by our security experts. In addition, WISECP uses the PDO-MYSQL structure.
XSS (Cross Site Scripting)
In terms of Reflected XSS, Stored/Persistent XSS and DOM XSS vulnerabilities, the system has passed all necessary checks and has been tested by our security experts.
CSRF (Cross Site Request Forgery)
The system is safe from any interference that uses the CSRF vulnerability through form fields. It prevents security weaknesses with a specially generated CSRF token. Thus, it is protected against actions that may occur against the user's own will.
User Account Security
The system has an advanced user account verification feature. Thus, even if the user's access information is obtained, it cannot be used to log on to the system without passing security verification. For more information and review, go to the Admin Area > Settings > Security Settings page.
BotShield on WISECP is an advanced bot security system: a firewall that detects all malicious attempts on form fields and automatically requires Captcha validation. For more information and review, go to Admin Area > Settings > Security Settings and visit the BotShield tab.
You can make Captcha validation mandatory for all form fields specified on the system. So the robots won't stand a chance.
Brute Force Security
All form fields specified on the system are subject to a limit on the number of attempts. If the predetermined number of attempts is exceeded, a block is applied, taking into consideration the IP address, cookies and browser data, until the specified period ends.
File Upload Security
File upload is not possible on the system except for predefined file extensions. Each downloaded file is given a random name and stored under that name.