Protecting Our Systems Against Data Breaches
While there are NO GUARANTEES against a cyber-attack, we are working hard to increase security on our websites
and web applications by using industry standards that defend against several types of cyber-attack.
The start of the Russia-Ukraine conflict in early 2022 increased the likelihood of cyber-attacks
against US businesses, both public and private. As a result, the Cybersecurity & Infrastructure Security
Agency released a Shields Up Advisory
wherein they "recommend that all organizations—regardless of size—adopt a heightened posture when
it comes to cybersecurity and protecting their most critical assets".
Cadresoft immediately responded to this advisory by reviewing all of our corporate and client websites which
were already protected by several security features defined below. We therefore focused primarily
on Content Security Policy, clickjacking and cross-site scripting.
SQL injection is a technique that attackers use to gain unauthorized access
to a web application's database by adding a string of malicious code to a database query.
A SQL injection manipulates SQL code to provide access to protected resources, such as sensitive data,
or to execute malicious SQL statements. Our websites have been designed and developed using industry
standards and best-practice methods to protect against SQL injection.
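The standard defence the paragraph refers to is the parameterized query: the database driver receives the user's value separately from the SQL text, so a quote character in the input can never change the shape of the statement. The following is an added illustration, not Cadresoft's code; it uses an in-memory SQLite table with constructed sample rows and compares a string-spliced query with a parameterized one on the same tampered input.

```python
import sqlite3


def build_db():
    """Constructed sample database (not a real site's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_unsafe(conn, username):
    # Vulnerable pattern: the value is spliced into the SQL text, so quote
    # characters in the input become part of the query itself.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Parameterized pattern: the '?' placeholder is bound by the driver and the
    # input is only ever treated as data, never as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a constructed input that contains a quote."""
    conn = build_db()
    tampered = "nobody' OR '1'='1"
    return {
        # String splicing turns the WHERE clause into a tautology: every row comes back.
        "unsafe_rows": len(find_user_unsafe(conn, tampered)),
        # The bound parameter is compared literally: there is no such username.
        "safe_rows": len(find_user_safe(conn, tampered)),
        # Ordinary input still works as expected through the safe path.
        "normal": find_user_safe(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The same rule applies to every driver and ORM: build statements with placeholders (or the ORM's query builder) and pass values as parameters; never assemble SQL with string formatting, however well the input appears to have been checked.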
Software updates prevent hackers from taking advantage of known vulnerabilities in software, which
can lead to a data breach and other attacks. We use the latest version of any software used to
develop your website, especially if your website is under a maintenance plan.
Sanitizing and Validating User Input helps protect your website and data from being hacked
or compromised. We never trust user input when we ask users to complete forms on websites. Instead, we
design your website to ensure that the data provided by a user is what is expected. For example, if we
are asking the user to provide a date, we force the user to select the date from a calendar or force the
date to be correctly formatted and warn the user when a bad date has been entered. When the user clicks
the submit button on the form, the date is evaluated to verify that it is valid. If the date is not valid,
the date is rejected, and the user is presented with an error message.
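A calendar picker and client-side formatting improve the user's experience, but the check that actually protects the application is the one that runs when the form is submitted, because the browser-side controls can be bypassed. The function below is an added example of that server-side step, not code from Cadresoft's sites; the field contract it assumes (ISO `YYYY-MM-DD`, no earlier than 1900, no later than the end of next calendar year) is a constructed assumption, and `SAMPLE_TODAY` is a fixed date used so the results are reproducible.

```python
from datetime import date, datetime

# Assumed form contract for this example: strict ISO calendar date, bounded range.
DATE_FORMAT = "%Y-%m-%d"
EARLIEST = date(1900, 1, 1)
SAMPLE_TODAY = date(2024, 6, 15)  # fixed "today" so the checks are deterministic


def validate_date_field(raw, today=None):
    """Validate an untrusted form value.

    Returns (True, date) when the value is acceptable and (False, message)
    otherwise; the message is what the user would be shown with the form.
    """
    today = today or date.today()
    if not isinstance(raw, str):
        return False, "Date must be supplied as text."
    text = raw.strip()
    # strptime tolerates un-padded fields such as 2024-6-5; insist on the full form.
    if len(text) != 10:
        return False, "Date must use the form YYYY-MM-DD."
    try:
        parsed = datetime.strptime(text, DATE_FORMAT).date()
    except ValueError:
        # Covers wrong separators, out-of-range months/days and non-leap 29 February.
        return False, "Date is not a valid calendar date (use YYYY-MM-DD)."
    if parsed < EARLIEST:
        return False, "Date is too far in the past."
    latest = date(today.year + 1, 12, 31)
    if parsed > latest:
        return False, "Date is too far in the future."
    return True, parsed


def is_valid(raw, today=SAMPLE_TODAY):
    """Convenience wrapper: True only when the value passes every rule."""
    return validate_date_field(raw, today)[0]


if __name__ == "__main__":
    for sample in ["2024-02-29", "2023-02-29", "15/06/2024", " 2024-06-15 ", "2026-01-01"]:
        print(repr(sample), validate_date_field(sample, SAMPLE_TODAY))
```

Parsing into a real `date` object, rather than matching the text with a regular expression, is what rejects impossible dates such as 31 April or 29 February in a non-leap year; the range rules then catch values that are well formed but make no sense for the field.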
A Content Security Policy (CSP) is a security standard that provides additional layers
of protection from cross-site scripting (XSS), clickjacking, and other code injection attacks.
A CSP helps ensure that the content loaded into a web page comes only from trusted sources, increasing protection against
various forms of cyber-attack.
SSL certificates keep internet connections secure and prevent hackers from reading
or modifying information transferred between two computer systems, such as the connection between your PC
and your website. When you see a padlock icon next to the URL in the address bar, that means an SSL
certificate is protecting the website you are visiting. If a hacker intercepts the data being
transmitted between your PC and the website, the data is useless to the hacker because it is encrypted.
Data being transmitted can be sensitive in nature, such as names, dates of birth, credit card details and
user passwords. Most modern browsers now report a website as “Not Secure” when an SSL
certificate is not used on a website.
Cross-site scripting (XSS) is a common attack that can compromise user accounts,
activate trojan horse programs and cause your website visitors to disclose private information. A
successful cross-site scripting attack can have devastating consequences for an organization’s reputation
and its relationship with its clients.
Clickjacking is an attack that tricks website visitors into downloading malware,
visiting malicious web pages, or providing credentials or sensitive information. Clickjacking
can have a negative impact on the reputation of your website and your business.