Application security
External security assessments
Regular security audits and penetration tests are carried out on the Apteco software and Apteco Cloud environment. This process includes several days annually of in-depth dedicated penetration testing by an independent third-party security consultancy.
Further automated security scans, also by independent third-party security consultants, take place every week.
Credential rules
The credentials used to log in to Apteco Cloud follow best practices for password rules. On-premise deployments of Apteco software can be configured to use Single Sign On (SSO) and other authentication policies, such as password length, character rules, password expiry, and reuse limits.
Product features for security
Apteco software includes many features that contribute to a secure environment for the application and users' data. For example, it limits the velocity of data that can be exported and locks out a UserId after excessive failed login attempts. Other security-related features include:
- Secure HTTPS/SSL connections
- Web Service operates in DMZ
- Web Service holds no persistent data
- Single Port & Protocol from DMZ
- Password length & content limits
- Password expiry & re-use limits
- Login retry counter and lock out
- Two stage file transfers through authenticated web service request only
- Session expiry timer
- Session inactivity timer
- User identity encryption
- User accounts disabled from a date
- Suppress previous user / database names
- SHA256 password hashing
- Generic failed login responses
- Automatic audit trail of all user activity