In April 2017, a software security firm performed an assessment of AMGwebtime.com to assess the overall security posture of the website from a black-box perspective. This included determining the site's ability to resist common attack patterns and identifying vulnerable areas in the internal or external interfaces that may be exploited by a malicious user. While performing the assessment of Amgwebtime.com, Cigital identified that security controls were effective in resisting common attack patterns like:
In addition, several recommendations were made to improve the overall security of the site, and those were addressed accordingly.
Amgwebtime.com user authentication pages are protected with Google's Captcha to block password-guessing attacks, known as brute force attacks.
Amgwebtime.com utilizes Google's Strong Password Policy with a minimum length of 9 characters per password.
Amgwebtime.com restricts file uploads for known executable file types such as (Exe, Com, Js, Dll, Bat ....).
On Amgwebtime.com, all form-based requests have a [Request Verification Token] that is generated by a custom-made complex algorithm.
The HTTP response header "X-Frame-Options" is used to ensure that the content is not embedded into other sites. It indicates that a web browser should not be allowed to render a page in a <frame>, <iframe> or <object>.
Amgwebtime.com is hosted on the Microsoft Azure cloud with unified security management and advanced threat protection.
Copyright © 2018 AMG Employee Management. All rights reserved.