Our Software-End Security Measures
- CSRF protection on all forms.
- Check whether the .env file is directly accessible by path, e.g. https://weforumbd.org/.env (it must not be).
- Other configuration files such as .git and .htaccess are made not accessible via .htaccess.
- Route middleware grouping is correct.
- All directories without an index file are made inaccessible via .htaccess.
- All file upload types are restricted to images and documents.
- Directory listing/indexing is disabled.
- Database user permissions are restricted; DROP in particular is deselected.
- If data is passed via the GET method in any URL, verify that proper data is being passed, and whether special characters such as ' " | etc. are being passed.
- Data passed in URLs is URL-encoded.
- The full project was scanned with ClamAV from cPanel.
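As an added example of enforcing the .env, .git, directory-listing and upload items on this checklist (this is not code from e-Soft or the original document), an .htaccess for the site's document root. It assumes Apache 2.4 with mod_alias loaded and AllowOverride permitting these directives; the uploads/ directory name is an assumed placeholder.

```apache
# Added example .htaccess (Apache 2.4 syntax assumed); not from the original document.

# Directory listing/indexing disabled: a request for a directory that has no
# index file now returns 403 instead of a file list, so directories without
# an index file are no longer browsable.
Options -Indexes

# .env / .git / .htaccess not reachable by direct path: answer 404 for any
# request whose path touches a dotfile or dot-directory, so probing
# https://<host>/.env or /.git/config cannot reveal configuration or source.
# RedirectMatch comes from mod_alias; (?i) makes the match case-insensitive.
RedirectMatch 404 "(?i)(^|/)\.(env|git|htaccess|htpasswd|svn)(/|$)"

# Belt and braces: deny every file whose name begins with a dot.
# (Files directives match file names only, so .git/config is covered by the
# RedirectMatch rule above rather than by this block.)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Complement to "uploads are images and documents only": if a disguised
# script ever slips past the application's type check, refuse to serve it
# as a script from the upload directory. "uploads" is a placeholder path.
<If "%{REQUEST_URI} =~ m#^/uploads/.*\.(php|phtml|phar|phps)$#i">
    Require all denied
</If>
```

After deploying, requesting /.env, /.git/config and a directory without an index file should return 404 or 403 rather than content.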
Our Server-End Security Measures
Our cloud hosting provides by default:
● DDoS protection to keep our hosts protected from any kind of DoS attack
● Imunify+ malware protection tool to scan our hosts recurringly and remove malware on demand
● ClamAV antivirus protection so that our clients can also scan their host themselves and remove malware manually
● A default Non-Disclosure Agreement on purchase, to ensure that no client data is ever leaked intentionally from our staff end
Besides all these, our clients can do the following setups from their cPanel and .htaccess to secure their hosts, because we have kept these provisions in cPanel:
● SQL injection prevention
● XSS protection
● Clickjacking protection
● Session hijacking protection
● and more...
Furthermore, we have provided the following configuration provisions to our clients so that they can keep their hosts safer by keeping them updated:
● We update our PHP and SQL versions at the server level once a stable LTS version is released
○ We warn clients if a PHP version is deprecated
○ We make the latest PHP version available so that clients can upgrade to it, a facility many companies do not provide
● We have kept the provision in cPanel that clients can enable/disable PHP extensions as per their need
○ Some extensions become vulnerable/outdated/deprecated over time; we warn customers about the outdated ones
○ If clients need to keep an unsafe extension disabled, we provide them that provision
● There is no provision in cPanel to change the cPanel password; it is managed from our CRM
○ This protects cPanel further: even if an unauthorized person somehow gains access to cPanel, they will not be able to change the credentials
● By default we disable old protocols and unsafe ports, which helps clients protect their hosts and ports
○ As an example, we keep the SSH and FTP ports disabled and enable them only on client demand
● Our staff never share credentials manually with clients; credentials are shared only automatically by the system, which is an ISO security standard
○ When the client requests the credentials, the system sends an email
There are hundreds of measures that we take to keep our hosts secure for our clients. However, please remember that "just a secure host" cannot keep your application safe if your application has:
● An SQL injection loophole
● Weak application configuration
● A user and access-level authentication loophole
● An authentication rule loophole
● A validation loophole
● and other loopholes at the application level
e-Soft, 46 Kazi Nazrul Islam Avenue (5th Floor)
Kawran Bazar
Dhaka - 1215, Bangladesh
info@esoft.com.bd
+88-01779-666611
+88-01779-666622
+88-01779-666633
+88-01779-666644