Document Messenger - Technical Specifications

Document Messenger allows Organisations to correspond electronically with their clients online in a safe and secure environment. It has been designed from the ground up to be a security-conscious web application.

Application

The Document Messenger system is a secure web application with the following specification:-

Data

Clients never receive documents or message text directly via email; they receive only a notification of a message, with a link. To access the message (and document) they need to authenticate.

Authentication

HTTPS

All traffic between browser and server is redirected to use the HTTPS protocol, so that the data is encrypted using TLS before transmission across the network and the identity of the server host is verified using a certificate. TLS helps protect against attacks such as a man-in-the-middle attack, where an attacker sits between a visitor and a web site and impersonates both, which allows the attacker to tamper with the data or just listen passively.

Awareness

We follow the OWASP Top 10 and try to adhere to its recommendations on the current most critical security risks facing web applications and how to mitigate them.

The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications minimize these risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

OWASP Top Ten Project