Follow us on
Difitek
  • News
  • What We Offer
  • Contact Us
  • Visit our Site

Crowd Valley Platform Passes Bank-Grade Security Audit

6/13/2017

 
Crowd Valley Bank Grade Security Platform
Working with one its large retail bank customers, Crowd Valley has successfully passed an enhanced, independent security audit undertaken by one of the world’s leading information security consulting firms. 
​
This third party verification confirms the stability and security for sophisticated users of the company’s products and services, and sets the platform up for even more institutional applications around the world. 
 
Nixu Corporation (www.nixu.com) is one of the world's leading security specialist companies and has been focused on information security since its foundation in 1988. Since then it has worked with numerous banks, telecommunications firms and governments around the world to help them address and improve their approach to cybersecurity.
 
Nixu carried out a project to assess the security of the Crowd Valley API and Back Office platforms, which was done by attacking the Crowd Valley API and the administrative applications from the point of view of a motivated attacker trying to obtain unauthorized access to Crowd Valley’s customers’ data and functionality. 
 
The API was tested for general compliance with the OWASP Application Security Verification Standard requirement categories: Authentication, Session Management, Access Control, Malicious Input Handling, Error Handling and Logging, Data Protection, Communications Security, HTTP Security, Business Logic, and File and Resource Validation.
 
Following the process Crowd Valley customers can now benefit from the following functional updates that have been implemented and are already available on sandbox and live environments:

  • Two-Factor Authentication for all Back Office Admin Users using the Google Authenticator application
  • Global User Password Rules that enforce a consistent password policy across all end-user applications
  • Automated restrictions on Admin Users who attempt to login with an incorrect password more than 5 times within a short time period
  • Implementation of a stricter Content Security Policy and additional Cross Site Request Forgery protections in the Back Office to prevent phishing or similar attacks that would leverage an Admin User’s existing permissions
​ 
For more information on how you can make the most of these security features in your own applications please get in touch with your primary Crowd Valley contact.

​




Comments are closed.

    RSS Feed

       

    Categories

    All
    All Sectors
    Americas
    API
    Asia
    Australasia
    Clean Energy
    Crowd Valley
    CTO Blog
    Difitek
    Equity Investment
    Europe
    Events
    Expert Analysis
    Fintech
    Global
    Interview
    Lending
    Local Funding Network
    Marketing
    Market Watch
    Oceania
    Platform Updates
    Presentations
    Press Release
    Real Estate
    Regulations
    Russia
    Social Capital
    Webinar

Back to Difitek website


Copyright 2018 Crowd Valley Inc. 
All Rights Reserved.

Crowd Valley does not engage in the offer, sale or transfer of securities and securities may not be offered, sold or transferred via this website. Securities may not be offered or sold in the United States absent (i) registration under the U.S. Securities Act of 1933, as amended (the Securities Act) or (ii) an available exemption from registration under the Securities Act. Please consult legal counsel in the appropriate jurisdiction before offering, selling or buying securities as registration under the Securities Act or similar state legislation may be required.

Please note that the provision of the information on this website does not create and is not intended to create a relationship between Crowd Valley Inc. and any other person. You are not and should not regard yourself as being a client or customer of Crowd Valley Inc. and must not expect Crowd Valley Inc. to have any duties or responsibilities to you, act for you or your clients, or be responsible for providing protections afforded to customers or yourselves or be responsible for advising you in any respect.