Security Assessment

Security

Cloud Based Secure Hosting:

Amgwebtime.com is hosted on the Microsoft Azure cloud with unified security management and advanced threat protection.

  • Azure continuously monitors the security of Amgwebtime.com using hundreds of built-in security assessments and uses actionable security recommendations to remediate issues before they can be exploited.
  • Provides a unified view of security across all premises and cloud workloads. Automatically discovers and on-boards new resources, and applies security policies across hybrid cloud workloads to ensure compliance with security standards. Collects, searches, and analyzes security data from a variety of sources, including firewalls and other partner solutions.
  • Enables adaptive threat protections to reduce exposure to attacks. Blocks malware and other unwanted code by applying application controls adapted to specific workloads and powered by machine learning. Enables just-in-time, controlled access to management ports to drastically reduce the surface area exposed to brute force and other network attacks.
  • Uses advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber attacks. Leverages built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitors networks, machines, and cloud services for incoming attacks and post-breach activity. Streamlines investigation with interactive tools and contextual threat intelligence.

In April 2017, software security firm Cigital, Inc. performed an assessment of Amgwebtime.com to evaluate the overall security posture of the website from a black-box perspective. This included determining the site's ability to resist common attack patterns and identifying vulnerable areas in the internal or external interfaces that may be exploited by a malicious user. While performing the assessment of Amgwebtime.com, Cigital identified that security controls were effective in resisting common attack patterns like:

  • Authorization Attacks
  • SQL Injection

In addition, several recommendations were made to improve the overall security of the site, and those were addressed accordingly.

Secure Certificate:

  • Amgwebtime.com uses TLS 1.2 (a strong protocol)
  • ECDHE_RSA with P-384 (a strong key exchange)
  • Signature algorithm: SHA256withRSA
  • Issuer: Go Daddy Secure Certificate Authority - G2

User Authentication Page Policy:

Amgwebtime.com user authentication pages are protected with Google's Captcha to block password-guessing attacks, known as brute force attacks.

Password Policy:

Amgwebtime.com utilizes Google's Strong Password Policy with a minimum length of 9 characters per password.

File Upload Policy:

Amgwebtime.com restricts file uploads of known executable file types such as (Exe, Com, Js, Dll, Bat ....)

Cross-Site Request Forgery Policy:

On Amgwebtime.com, all form-based requests have a [Request Verification Token] that is generated by a custom-made complex algorithm.

UI-Redressing:

The HTTP response header "X-Frame-Options" is used to ensure that the content is not embedded into other sites. It indicates that a web browser should not be allowed to render the page in a <frame>, <iframe> or <object>.
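
One way to verify the X-Frame-Options control described above from captured response headers. This is an added example, not code from Amgwebtime.com; the function names and the sample responses are constructed for illustration.

```python
from __future__ import annotations

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "deny": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n",
    "repeated": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nx-frame-options: sameorigin\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n",
    "obsolete": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n",
    "typo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n",
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}
VALID = {"DENY", "SAMEORIGIN"}


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw header block into (lowercased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_xfo(raw: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'ok', 'weak' or 'missing'."""
    values = []
    for name, value in parse_headers(raw):
        if name == "x-frame-options":
            # A repeated header and a comma-separated value carry the same list of values.
            values.extend(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return "missing", "no X-Frame-Options header in response"
    distinct = set(values)
    if len(distinct) > 1:
        return "weak", "conflicting values: " + ", ".join(sorted(distinct))
    only = values[0]
    if only in VALID:
        return "ok", only
    if only.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "weak", "unrecognized value: " + only


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_xfo(raw))
```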