Hi, I'm new to EspoCRM. My customers are particularly concerned with security. Hope to get advice from the community and team on these aspects and if EspoCRM supports the security checklist out of the box. Or directions on how I could go about taking care of those requirements. Thank you.
Database Encryption:
- Sensitive data to be encrypted using AES (256-bit) for data at rest.
- User passwords are hashed using bcrypt or Argon2.
Authentication and Authorization:
- Multi-factor authentication
- Strong password policies and role-based access control
- Use of token-based authentication for secure sessions.
SQL Injection Prevention:
- Use of prepared statements and parameterized queries.
- Inputs are validated and sanitized regularly.
Cross-Site Scripting (XSS) Protection:
- User-generated content sanitization and CSP headers implementation.
- Secure frameworks automatically handle output encoding.
Cross-Site Request Forgery (CSRF) Protection:
- Anti-CSRF tokens integration into forms and sensitive actions.
Security Features:
- Comprehensive logging and code has been through vulnerability assessments