Data security

CONNECTION PROTECTION

The connection is established over the HTTPS protocol.

It is protected by a certificate from Sectigo.
The certificate is signed with the SHA256WithRSA algorithm, which is currently considered the standard.

Moreover, the server does not accept connections via outdated protocols, such as SSLv3 and below.

CERTIFICATE CHAIN REPORT

These results were cached from March 21, 2023, 9:46 am PST to conserve server resources.

app.bimpsoft.com resolves to 135.181.3.236
✅ The certificate should be trusted by all major web browsers (all correct intermediate certificates are installed).
✅ The certificate was issued by Sectigo.
✅ The certificate expires in 284 days.
✅ The hostname (app.bimpsoft.com) is correctly listed in the certificate.

1 SERVER

Common name: app.bimpsoft.com
SANs: app.bimpsoft.com, www.app.bimpsoft.com
Valid: from November 29, 2022, to December 31, 2023
Serial Number: 59c240c48b481a68f8008b252647f1f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: Sectigo RSA Domain Validation Secure Server CA


2 CHAIN

Common name: Sectigo RSA Domain Validation Secure Server CA
Organization: Sectigo Limited
Location: Salford, Greater Manchester, GB
Valid: from November 1, 2018, to December 31, 2030
Serial Number: 7d5b5126b476ba11db74160bbc530da7
Signature Algorithm: sha384WithRSAEncryption
Issuer: USERTrust RSA Certification Authority


3 CHAIN

Common name: USERTrust RSA Certification Authority
Organization: The USERTrust Network
Location: Jersey City, New Jersey, US
Valid: from March 11, 2019, to December 31, 2028
Serial Number: 3972443af922b751d7d36c10dd313595
Signature Algorithm: sha384WithRSAEncryption
Issuer: AAA Certificate Services

 

USER ACCESS PROTECTION

The database stores the SHA256 password hash and salt, which protects against rainbow table attacks.
Access works through a pair of JWT tokens, with a mechanism similar to OAuth 2.0.
The access token, which stores access data, has a short lifespan and therefore does not pose a threat in case of compromise.

✅ There is an instant employee blocking mechanism via a Telegram bot.
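The token-pair scheme described above, sketched as an added example (not the vendor's code): a short-lived access token, a longer-lived refresh token, and a blocklist consulted at refresh time. HS256, the 5-minute and 7-day lifetimes, the `use` claim, the `BLOCKED` set and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"           # assumption: HS256 with a shared secret
ACCESS_TTL, REFRESH_TTL = 300, 7 * 86400   # assumption: 5 minutes / 7 days
BLOCKED = set()                            # hypothetical store of blocked employee ids

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(sub: str, use: str, ttl: int, now: float) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "use": use, "exp": int(now) + ttl}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify(token: str, expected_use: str, now: float) -> dict:
    try:
        header, body, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            raise ValueError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    # A refresh token must never be accepted where an access token is expected.
    if claims.get("use") != expected_use:
        raise PermissionError("wrong token type")
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims

def login(sub: str, now: float) -> tuple:
    return issue(sub, "access", ACCESS_TTL, now), issue(sub, "refresh", REFRESH_TTL, now)

def refresh(refresh_token: str, now: float) -> tuple:
    claims = verify(refresh_token, "refresh", now)
    if claims["sub"] in BLOCKED:           # blocking takes effect at the next refresh
        raise PermissionError("user blocked")
    return login(claims["sub"], now)
```

In this sketch a blocked user's already-issued access token remains valid until its `exp`, so the access-token lifetime bounds how quickly blocking takes effect unless `verify` also consults the blocklist.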

IN DEVELOPMENT

✅ Transition to a unified password hashing algorithm: bcrypt.

✅ A new authorization microservice is being developed, with functions including:

  • Tracking of negative activity (e.g., login from different countries).
  • Two-factor authentication (2FA).

DATABASE PROTECTION

Databases are hosted on public servers from Hetzner in Germany and Finland.

 

Company data is distributed across multiple servers. Table and field names are encrypted and require a key file stored separately. Without it, understanding the relationships between the data in the database is impossible.
