Security Levels
Release Date: 2019/04/30
The system encrypts data using AES and RSA encryption with a two-tier encryption key, and decrypts the encrypted data with that same key. Encryption keys are specially generated and unique to each installation. Recovering or intercepting these keys can be called technically impossible.
The Status of Sensitive Data
All passwords and similar critical information entered on the system are encrypted with WISECP encryption technology and stored in the database. It is not possible to read or analyze this data in the database.
Database Access Security
In the WISECP database connection file, your database access information is never stored in plain text or in any simple form. It is encrypted automatically during the initial installation. When needed, you can update the encrypted database information in plain text, and it is then automatically encrypted again.
XSS, RFI Security
On the system, all data input is passed through a filter before it is processed and stored. Security vulnerabilities such as XSS, RFI, etc. have no place on WISECP.
SQL Injection Security
All checks and tests for SQL injection vulnerabilities have been carefully carried out by our security experts. In addition, WISECP uses the PDO-MYSQL structure.
XSS (Cross Site Scripting)
The system has passed all necessary checks for reflected XSS, stored/persistent XSS, and DOM XSS vulnerabilities and has been tested by our security experts.
CSRF (Cross Site Request Forgery)
The system is protected against any interference through form fields that relies on the CSRF vulnerability. A specially generated CSRF token prevents these weaknesses, so the system is protected against actions carried out without the user's consent.
User Account Security
The system has an advanced user account verification feature. Even if a user's access information is obtained, it cannot be used to log on to the system without passing security verification. For more information and review, go to the Admin Area > Settings > Security Settings page.
BotShield on WISECP is an advanced bot security system: a firewall that detects all malicious attempts on form fields and automatically requires Captcha validation. For more information and review, go to Admin Area > Settings > Security Settings and visit the BotShield tab.
You can make Captcha validation mandatory for all form fields specified on the system, so robots won't stand a chance.
Brute Force Security
All form fields specified on the system are subject to a limit on the number of attempts. If the predetermined number of attempts is exceeded, a block is applied, taking into account the IP address, cookies, and browser data, until the specified period ends.
File Upload Security
File upload is not possible on the system except for predefined file extensions. Each uploaded file is stored under a random name.
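The two upload rules above (an extension allowlist plus random storage names), sketched in PHP as an added example. This is not WISECP's code; the allowlist, the function name and the sample file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist; the page does not list WISECP's predefined extensions.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'pdf', 'zip'];

/**
 * Returns a random storage name for an accepted upload, or null if rejected.
 * Only the validated extension survives from the client-supplied name.
 */
function stored_name_for_upload(string $clientName, array $allowed = ALLOWED_EXTENSIONS): ?string
{
    // Reject control characters, including the NUL byte used to truncate names.
    if ($clientName === '' || preg_match('/[\x00-\x1F\x7F]/', $clientName)) {
        return null;
    }
    // Drop any directory part sent by the client (both separator styles).
    $base = basename(str_replace('\\', '/', $clientName));
    // Some filesystems ignore trailing dots and spaces ("x.php." becomes "x.php").
    $base = rtrim($base, '. ');
    $dot = strrpos($base, '.');
    if ($dot === false || $dot === 0) {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    // Compare case-insensitively and only against the final extension.
    $ext = strtolower(substr($base, $dot + 1));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // 128 random bits; nothing else from the client name is kept.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, not taken from the page.
$samples = ['invoice.pdf', 'Photo.JPG', 'shell.php', 'shell.php.jpg',
            'shell.php.', '../../config.php', '.htaccess', "a.php\0.png", 'README'];
foreach ($samples as $name) {
    $stored = stored_name_for_upload($name);
    printf("%-20s => %s\n", json_encode($name), $stored ?? 'REJECTED');
}
```

`shell.php.jpg` is accepted but stored as `<random>.jpg`, so the inner `.php` never reaches disk. The check covers the name only and says nothing about the file's content.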