Softlink IC Blog
Subscribe to our quarterly update
An insight into our commitment to securing data in Liberty and illumin
The security of your data is paramount to Softlink. To this end, our development team employs processes that ensure data security is at the forefront of their minds when coding.
New developers are trained to write secure code. The focus on secure code is an ongoing proposition. All developers attend annual refresher training and review frequent updates to security measures. Liberty and illumin are subject to biannual internal audits to identify any potential vulnerabilities. Did we mention managing the hosting servers and the security configurations of both products? This can be a balancing act to ensure tight security without trading off system functionality or ease of use.
As part of our continuing focus on security, the most recent developer training day took a different approach!
So, do you have 1337 hacker “skillz”, or do you not even know what “1337” is?
Recently, the Softlink development team completed their regular security training day. The aim of these regular training days is to continue to understand the key software security threats that can affect web applications such as Softlink’s Liberty and illumin products. To understand the techniques required to make them as secure as possible.
The first part of the day focused on normal training activities – learning about what the threats are and what to do in the code to make those attacks more difficult. Pretty standard stuff. The second part of the day saw the developers switch things around a little – they turned into hackers! An example application (not Liberty or illumin, which implement good web security practices) was used.
As James Martin, Softlink’s Development Manager noted,
“Because we’re all hacker “n00bs” (newbies), our training involved trying to attack an example application that was specifically designed to be easily hackable. The target application also provided lessons leading you to attack using a variety of different techniques.
The exercise was really quite eye-opening for us. While none of us were able to figure out the more complex attacks ourselves in the time available, we were all successful at using several of the simpler techniques. They still gave us full unrestricted access to the target application’s database. Even the more complex attacks became achievable once we recruited Google®/YouTube® to our cause (hey – we’re hackers. We’re allowed to cheat!). Reading about the security breaches of companies that resulted in the leaking of millions of users’ private data is one thing, successfully executing an attack yourself and seeing the data scrolling down your screen is quite another.”
This most recent training day reinforced our focus on built in security measures. It gave the developers some good insights into how a malicious attacker might try to gain access to your system. Gaining another perspective can only contribute to increasing security of Liberty and illumin.
And… if you’re still wondering, what ”1337” is, James provides the answer,
“It’s an example of using numbers that look kind of like letters to spell a word. 1337 looks like ‘leet’ or ‘elite’. Early hackers used numbers to replace letters and deliberate mis-spellings when posting online to avoid content filters and to make their conversations harder to understand for the uninitiated – a bit like the computing version of rhyming slang. It’s quite common in the computing/gaming world now.”
- You or Your LMS Vendor – Who Controls Your Library’s Business and Security Settings?
- Employee Spotlight – Jeff O’Keeffe
- Got Satellite Collections? Manage Them with Liberty Link
- The Softlink Scoop – Edition 03/2019
- 5 Brilliant Benefits of Liberty v5 to Whet Your Appetite
- So You Think Your Library Homepage is an Attention Grabber? Wait ‘til you Personalise it!
- Data Conversion – Why Softlink Information Centres Does it Better
- The Softlink Scoop – Edition 02/2019
- Showcasing Liberty and illumin at ALIA’s 2019 Conference
- Softlink IC’s First Liberty Virtual User Group Meetings for 2019