Security Features of SaaS Platform
| Security Feature | Description | Sample Link | Details of Link |
|---|---|---|---|
| User Authentication | Verify user identity using username and password before logging in. | Admin login page | The Admin login page requires you to enter credentials before accessing admin options. |
| Session Timeout (Customer) | Terminate inactive customer sessions after 5 minutes. (Remember to first enter username & password to proceed.) | Buy A Subscription page | This page has a session timeout of 5 minutes (the timeout is deliberately set to 5 minutes to make testing easy). After 5 minutes of inactivity you are redirected to the customer login page. |
| Cookie Invalidation (Admin) | Invalidate admin cookies after 5 minutes of inactivity. (Remember to first enter username & password to proceed.) | Add Payment Method page | This page has a cookie expiration time of 5 minutes (cookie expiry is deliberately set to 5 minutes to make testing easy). After 5 minutes of inactivity you are redirected to the admin login page. |
| Input Validation | Ensure a strong password and valid input for the password field on the Sign Up page. | Sign Up page | The Sign Up page has all validators in it (password, email, required fields, etc.). |
| Role-Based Access Control | Restrict access based on roles (Admin/Customer). | Main page | At the bottom of the main page two roles, admin and customer, are defined, and access is granted only according to role. |
| Parameterized Queries | Prevent SQL injection attacks. (Remember to first enter username & password to proceed.) | | The code-behind of the added aspx page (and of all other pages that include database insertion code) uses parameterized SQL queries for the input taken from the user. |
| SSL Certificate | | https://alishbahbashir.somee.com/ | Visit this https link to verify. |
| Encrypted ViewState | Protect page state data from tampering. (Remember to first enter username & password to proceed.) | View Subscription page | This page (and every page of the web application) has its ViewState encrypted. |
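As an added example (not the project's own code-behind), the lookup below shows the string-concatenated query that the Parameterized Queries row guards against beside the parameterized form an ASP.NET code-behind would use; the Customers table, its column names, the connection string and the method names are assumptions.

```csharp
// Added illustration, not code from the web application described above.
// Assumed: a Customers table with CustomerId and Email columns, and a
// connection string supplied by the caller.
using System;
using System.Data;
using System.Data.SqlClient;

public static class CustomerLookup
{
    // WEAK: the user-supplied value is concatenated into the SQL text, so an
    // apostrophe in the input terminates the string literal and the rest of
    // the input is parsed as SQL. This is the pattern the page's feature avoids.
    public static int? GetCustomerIdUnsafe(string connectionString, string email)
    {
        string sql = "SELECT CustomerId FROM Customers WHERE Email = '" + email + "'";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? (int?)null : Convert.ToInt32(result);
        }
    }

    // SAFE: the value is bound as a typed parameter. SQL Server receives the
    // query text and the value separately, so the value is never parsed as SQL
    // regardless of which characters it contains.
    public static int? GetCustomerId(string connectionString, string email)
    {
        const string sql = "SELECT CustomerId FROM Customers WHERE Email = @Email";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Type and length are fixed on the parameter, not inferred from the input.
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? (int?)null : Convert.ToInt32(result);
        }
    }
}
```

The same `Parameters.Add(...)` pattern applies to the INSERT statements the page mentions: every value that originates from a form field is bound as a parameter, never formatted into the command text.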