Auditing Firewalls

(Aug 17, 2019)

In a recent blog I discussed the security improvements brought by changing our certification authority, but that isn't our only recent change. Our v2.8 release contained a number of other technology changes and improvements and we'll discuss a couple of them here.

The first was our implementation of a Web Application Firewall (WAF) on all of our services. Just as a network firewall scrutinises and blocks traffic at the network layer, a WAF functions as a gatekeeper higher up the stack, at the level of the web application. A WAF can fully scrutinise the content of http-level requests and block any that violate defined security rules.

We chose the modsecurity WAF as it was the best fit with our existing platform,…

Read more

Tags: technology, defence in-depth

Resetting Certificates

(Aug 14, 2019)

Web site certification supports the key exchange enabling secure encrypted communication between browser clients and server applications. This is why industry giant Google launched a campaign in 2014 that all web applications should use a browser-recognised certificate authority (CA) and offer encrypted access. In practice Google proposes that all website URLs should begin with the encrypted protocol https://, rather than the identifier for the unencrypted alternative protocol http://. While Longevitas applications have always offered only encrypted access, since our version 2.8 release you might have noticed a change in how we certify our web applications and services, and this blog is a brief…

Read more

Tags: technology, defence in-depth

Find by key-word

Find by date

Find by tag (show all )