Application security
External security assessments¶
Regular security audits and penetration tests are carried out on the Apteco software and Apteco Cloud environment. This process includes several days annually of in-depth dedicated penetration testing by an independent third-party security consultancy.
Further automated security scans, also by independent third-party security consultants, take place every week.
Credential rules¶
The credentials used to log in to Apteco Cloud use best practices for password rules. On-premise deployments of Apteco software can be configured to use Single Sign-On (SSO) and other authentication policies, such as password length, character rules, password expiry, and reuse limits.
Product features for security¶
Apteco software includes many features that contribute to a secure environment for the application and user data. For example, limiting the velocity of data that can be exported and locking out a user ID after excessive failed login attempts. Other security-related features include:
- Secure HTTPS/SSL connections
- Web service operates in DMZ
- Web service holds no persistent data
- Single port and protocol from DMZ
- Password length and content limits
- Password expiry and re-use limits
- Login retry counter and lock out
- Multi-factor authentication (MFA) with one-time passcode (OTP) support
- Two-stage file transfers through authenticated web service request only
- Session expiry timer
- Session inactivity timer
- User identity encryption
- Suppress previous user / database names
- SHA256 password hashing
- Generic failed login responses
- Automatic audit trail of all user activity