Regroup places great importance on the security of our application and the data housed therein.
- We pass all network and website vulnerability tests.
- Regroup is protected with the following:
- SSL Security
Regroup uses 256-bit SSL (HTTPS) encryption site-wide. The connection uses the TLS 1.0 protocol, encrypted with AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. These security measures prevent credential theft, session hijacking, and access to sensitive information.
- OS-Level Firewall
Regroup uses an OS-level firewall. This protects against malware, spoofing attacks, security exploits, denial-of-service (DoS) attacks, and rootkits.
- Authorization Bypass Security
Regroup is secure from authorization bypass vulnerabilities. An authorization bypass vulnerability allows attackers to gain unauthorized access to resources by circumventing access controls. This can be accomplished by disabling certain scripts, modifying parameters in a request, or finding links to secured areas that are protected by obfuscation.
- Cross-Site Scripting (XSS) Security
Regroup is secure from Cross-Site Scripting (XSS) vulnerabilities. XSS allows attackers to inject executable code into an unvalidated input; the code is then executed in a user’s browser when the page is loaded. Through this, an attacker may gain complete control of a user’s session, allowing them to alter page functionality to harvest data, phish for sensitive information, or steal user credentials and session information.
- Cross-Site Request Forgery (CSRF) Security
Regroup is secure from Cross-Site Request Forgery (CSRF) vulnerabilities. CSRF vulnerabilities permit attackers to take advantage of a legitimate session established by a user to perform unauthorized actions on behalf of that user. Effectively, anything the user has permission to do can be done by the attacker without the user's knowledge. These attacks can be very difficult to trace, as the activity appears to come from an authorized user.
- SQL Injection Security
Regroup is secure from SQL injection vulnerabilities. SQL injection vulnerabilities arise when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is unexpectedly executed. SQL commands (such as queries) are thus injected from a web form into an application's database to change the database content or dump database information to the attacker.
- Additional Security and Server Hardening:
- Login is only via SSH / secure keys
- Clients can use our direct SSH File Transfer Protocol (SFTP) access for delivering student information (eliminates security issues with email and the web)
- Use of CAPTCHA on the signup page
- Regular review of vulnerabilities and new methods of hacking
- Multiple Data Centers and Redundancies
Please also see our FAQ about Data Centers and Redundancies.