Learn how SEiNG is built to prioritise your security.

Our development team follows industry-leading best practices, including the globally recognised OWASP Top 10, to proactively address critical web application security risks. In addition, SEiNG adheres to the Product Security and Telecommunications Infrastructure Act (PSTI), ensuring compliance with rigorous security standards to safeguard your data.

SEiNG.cloud prioritises the security of your data and applications. Our development teams diligently adhere to the OWASP Top 10, a globally recognised standard for the most critical web application security risks. By focusing on these key vulnerabilities, we proactively mitigate potential threats and ensure the highest level of security for our customers.

Key measures we implement to protect your information.

Broken Access Control

  1. Implement Role-Based Access Control (RBAC): Define and enforce access permissions based on user roles. Users can be assigned the platform's standard roles or custom roles (guest, editor, etc.).
  2. Use the Principle of Least Privilege: Ensure that users and services have only the minimum access necessary.
  3. Regularly Review and Update Permissions: Continuously audit and adjust access controls based on changes in roles or system components.
  4. Implement Strong Authentication: Ensure robust authentication mechanisms, such as multi-factor authentication (MFA), to prevent unauthorized access. Users and subaccounts can enable MFA.
  5. Use Secure Session Management: Properly manage user sessions, enforce timeouts, and regenerate session IDs after authentication events. The platform uses JWTs with a configurable expiry time.

Cryptographic Failures

  1. Use Strong Cryptographic Algorithms: Implement well-known and tested cryptographic algorithms such as AES for encryption and SHA-256 for hashing.
  2. Enforce Encryption: Encrypt sensitive data both at rest and in transit using TLS/SSL for communications.
  3. Regularly Update Cryptographic Libraries: Keep cryptographic libraries and protocols up to date to protect against vulnerabilities.
  4. Implement Proper Certificate Management: Use strong, valid certificates and manage their lifecycle correctly to prevent man-in-the-middle (MITM) attacks.

Injection

  1. Use Parameterized Queries: Implement parameterized queries and prepared statements to prevent SQL injection.
  2. Validate and Sanitize Inputs: Ensure all inputs are validated and sanitized to avoid code injection attacks.
  3. Employ Safe API Calls: When interacting with external systems, use safe APIs and avoid passing untrusted data directly.
  4. Regular Code Reviews: Conduct regular code reviews and static code analysis to identify and fix potential injection flaws.

Insecure Design

  1. Adopt Secure Software Development Lifecycle (SDLC): Integrate security practices from the beginning of the design phase.
  2. Threat Modeling: Regularly perform threat modeling to identify and mitigate potential security risks early in the design process.
  3. Design for Security: Use secure design principles, such as defense in depth and secure by default.
  4. Conduct Security Training: Train developers and designers in secure coding and design practices.
  5. Use Secure Design Patterns: Apply established secure design patterns and frameworks to ensure security is built into the application architecture.

Security Misconfiguration

  1. Harden Configurations: Secure default configurations, disable unnecessary features, and limit administrative interfaces.
  2. Automate Configuration Management: Use configuration management tools to automate and enforce secure configurations.
  3. Conduct Regular Audits: Regularly audit and update configurations to ensure compliance with security policies.
  4. Implement Environment Segregation: Separate development, testing, and production environments to minimize the risk of configuration errors.
  5. Use Security Benchmarks: Follow security benchmarks such as CIS Benchmarks for configuring systems and applications.

Vulnerable and Outdated Components

  1. Regularly Update Dependencies: Keep all software dependencies and libraries up to date with the latest security patches.
  2. Use Dependency Scanners: Employ tools that scan for known vulnerabilities in dependencies and suggest updates.
  3. Monitor Security Advisories: Stay informed about vulnerabilities and patches related to the components you use.
  4. Prefer Well-Maintained Libraries: Choose libraries and components that are actively maintained and have a good security track record.
  5. Implement a Software Bill of Materials (SBOM): Maintain an inventory of all software components to manage and track vulnerabilities.

Identification and Authentication Failures

  1. Implement Multi-Factor Authentication (MFA): Require MFA to add an extra layer of security beyond passwords.
  2. Use Strong Password Policies: Enforce strong password policies and encourage users to use password managers.
  3. Secure Authentication Mechanisms: Use secure authentication protocols such as OAuth2 and OpenID Connect.
  4. Regularly Review Authentication Logs: Monitor and analyze authentication logs for suspicious activities.
  5. Implement Account Lockout Mechanisms: Lock accounts after a certain number of failed login attempts to prevent brute-force attacks.

Software and Data Integrity Failures

  1. Implement Code Signing: Use digital signatures to verify the integrity and authenticity of software components.
  2. Use Secure Update Mechanisms: Ensure updates are delivered securely and verified before installation.
  3. Monitor for Tampering: Regularly monitor and verify the integrity of software and data.
  4. Implement Version Control: Use version control systems to manage changes and detect unauthorized modifications.
  5. Apply Data Validation: Ensure all data is validated and sanitized to prevent tampering and corruption.

Security Logging and Monitoring Failures

  1. Implement Comprehensive Logging: Log all security-relevant events, including access attempts, system changes, and errors.
  2. Use Centralized Logging Solutions: Collect and analyze logs centrally to detect and respond to security incidents.
  3. Monitor Logs Regularly: Regularly review and analyze logs for signs of suspicious activities.
  4. Protect Logs: Ensure log integrity and confidentiality by securing log storage and transmission.
  5. Establish Alerting Mechanisms: Set up alerts for critical security events to enable rapid response.
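The following added example ties together two of the measures listed on this page: account lockout after repeated failed logins (item 5 under Identification and Authentication Failures) and alerting on security-relevant events from centralised logs (items 3 and 5 above). It is not SEiNG's code; the log line format, the sample lines, and the threshold and window values are all constructed assumptions. It runs a sliding-window rule over the sample lines and returns, per account, the moment an alert would fire, which is the same event a lockout mechanism would act on.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional

# Assumed log format: "<ISO-8601 UTC> auth <success|failure> user=<name> ip=<addr>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth (?P<outcome>success|failure) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample lines for this example; not real platform logs.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth failure user=alice ip=198.51.100.7
2024-05-01T10:00:20Z auth failure user=alice ip=198.51.100.7
2024-05-01T10:00:45Z auth failure user=alice ip=198.51.100.7
2024-05-01T10:01:10Z auth failure user=alice ip=198.51.100.7
2024-05-01T10:01:30Z auth failure user=alice ip=198.51.100.7
2024-05-01T10:02:00Z auth failure user=bob ip=203.0.113.9
2024-05-01T10:02:10Z auth failure user=bob ip=203.0.113.9
2024-05-01T10:02:20Z auth success user=bob ip=203.0.113.9
2024-05-01T10:03:00Z auth failure user=carol ip=192.0.2.44
2024-05-01T10:10:00Z auth failure user=carol ip=192.0.2.44
2024-05-01T10:17:00Z auth failure user=carol ip=192.0.2.44
2024-05-01T10:24:00Z auth failure user=carol ip=192.0.2.44
2024-05-01T10:31:00Z auth failure user=carol ip=192.0.2.44
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; malformed lines are skipped rather than guessed at."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_failed_login_bursts(
    lines: Iterable[str],
    threshold: int = 5,                 # assumption: failures that trigger an alert
    window: timedelta = timedelta(minutes=5),  # assumption: sliding window size
) -> Dict[str, datetime]:
    """Sliding-window rule: one alert per account once `threshold` failures
    land inside `window`. Returns {user: timestamp at which the alert fired}."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerts: Dict[str, datetime] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        user, ts = ev["user"], ev["ts"]
        if ev["outcome"] == "success":
            recent[user].clear()  # a successful login resets the failure streak
            continue
        failures = recent[user]
        failures.append(ts)
        while failures and ts - failures[0] > window:  # drop failures outside the window
            failures.popleft()
        if len(failures) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts
```

With the sample data, alice trips the rule (five failures inside ninety seconds), bob does not (two failures then a success), and carol does not because her failures are seven minutes apart and never overlap inside the window. Keying the rule by account rather than by source IP is what makes it useful for lockout; a separate rule keyed by IP is the usual companion for spotting one source trying many accounts.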

Server-Side Request Forgery (SSRF)

  1. Validate and Sanitize URLs: Ensure that any URLs or IP addresses accepted by the application are validated and sanitized.
  2. Use Whitelisting: Implement a whitelist of allowed URLs and IP addresses that the server can access.
  3. Restrict Network Access: Limit the server’s ability to make outbound requests to internal or sensitive networks.
  4. Implement Network Segmentation: Segment the network to restrict access between different parts of the application infrastructure.
  5. Use Web Application Firewalls (WAF): Employ WAFs to detect and block SSRF attacks by inspecting incoming requests.
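Items 1 to 3 above (URL validation, an allowlist of destinations, and refusing requests into internal networks) are shown in the following added example. It is not SEiNG's code: the allowed hostnames, schemes and ports are constructed assumptions, and the resolver is injectable so the check can be exercised offline. The validator checks the scheme, rejects embedded credentials, matches the host against the allowlist, constrains the port, resolves the name, and finally refuses any destination that does not resolve to a globally routable address (which covers RFC 1918 space, loopback, and link-local ranges such as cloud metadata endpoints).

```python
import ipaddress
import socket
from typing import Callable, Tuple
from urllib.parse import urlparse

# Constructed allowlist; these hostnames are assumptions, not real SEiNG endpoints.
ALLOWED_HOSTS = {"api.example.test", "cdn.example.test"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


def is_public_address(ip: str) -> bool:
    """True only for globally routable addresses: rejects private, loopback,
    link-local, multicast, reserved and unspecified ranges in one test."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def validate_outbound_url(
    url: str, resolver: Callable[[str], str] = socket.gethostbyname
) -> Tuple[bool, str]:
    """Return (ok, detail). On success, detail is the resolved IP the caller should
    connect to directly, so the address that was checked is the address that is used."""
    try:
        parsed = urlparse(url)
        port = parsed.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False, "unparseable URL"
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parsed.username or parsed.password:
        return False, "credentials in URL not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    if (port or 443) not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        ip = resolver(host)
    except OSError:
        return False, "name resolution failed"
    if not is_public_address(ip):
        return False, "resolves to a non-public address"
    return True, ip
```

Returning the resolved IP matters: if the application validates the name and then lets an HTTP client resolve it again, a name whose answer changes between the two lookups bypasses the check. Connecting to the pinned IP (with the hostname supplied for TLS and the Host header) keeps the validated and the used address identical. Egress network restrictions (item 3) remain the backstop for the case where application-level validation has a gap.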

Product Security and Telecommunications Infrastructure Act (PSTI) compliance

  1. Security by Design: SEiNG has been developed with "Security by Design", ensuring that security is built into the product from the very beginning to protect against potential vulnerabilities.
  2. Regular security updates: necessary patches and fixes for vulnerabilities are applied.
  3. Incident reporting.

Incident Response and Reporting: In alignment with the PSTI Act, SEiNG has implemented clear procedures for detecting and responding to security incidents, ensuring timely reporting and resolution of any breaches or threats.

Compliance with Government Regulations: SEiNG keeps up to date with relevant laws and regulations related to cybersecurity and telecommunications infrastructure, ensuring ongoing adherence to the PSTI Act.
