How secure are Vitalware's web applications?

Vitalware’s suite of web applications is designed with security and integrity of data as a primary objective. The web applications are designed and implemented using industry-standard tools and technologies.

Vitalware web applications undergo rigorous security and load testing during all phases of the development lifecycle. In-house testing focuses on data integrity, authentication, authorisation, and availability under load. We use a range of tools for testing, including JMeter, WebScarab, JUnit, Profiling, and various tools from the OWASP CAL9000 project.

External Validation

Vitalware web applications have been successfully tested by external IT Security consulting firms in Australia, New Zealand and Canada. These tests were commissioned independently by Registries with testing criteria and objectives determined by the Registries with guidance from the external Security firms and from us. Testing targeted:

  • Denial of service attacks
  • Cross-site scripting attacks (both reflected and stored)
  • Unauthorised access to resources on the web server
  • Unauthorised access to data in the data tier
  • SQL injection attacks

Critical security vulnerabilities are always a concern for Vital Statistics offices, particularly when there are web-based interfaces into the system. We have a proud history of secure web application development. This is largely due to comprehensive testing in-house and by external security companies prior to web applications being deployed in a production environment. Any security-related issues identified during testing are immediately sent to the System Architect, and then on to developers to implement a fix. In our 20+ year history in the Vital Statistics industry, we have never had to issue a fix urgently for a critical security vulnerability; however, processes are in place should the need arise.

We constantly monitor the latest vulnerabilities affecting web applications, the primary source of information being the OWASP Top Ten Project. New vulnerabilities are assessed as to their relevance to the Vitalware web applications and, if needed, tests are performed in-house. We are committed to disclosing the discovery of any critical security issue to our clients immediately.