• 22 Dec 2011

    The Dangers of Social Engineering

    Asset Allocation by its nature is a risky business attempting to make money through investments such as shares, equities and funds. With this in mind it makes sense to ensure every other aspect of the company is as safe as possible to prevent further risks and dangers.With this in mind let me set the following scene:

    'Imagine you arrive at work in morning and are just about to enter the building when you see a delivery person struggling with the door'

    It’s human nature to try and be helpful (at least for most of us); in this situation it would mean holding the door open so they can get through easier. Of course in a perfect world this is fine but what if that delivery guy you let into the building was in fact a ‘Hacker’, you would have just given them access to the building and potentially the network ...

    Category:
  • 20 Dec 2011

    Fund Administration and the Security Triangle

    Fund Administration is defined as “the set of activities that are carried out in support of the actual process of running a collective investment scheme”. If you strip this down to its most basic elements it basically leaves you managing someone else’s money for them. As soon as you start looking after someone else’s money priorities drastically change.

    When you consider security with regards to development for Fund Admin applications it is difficult to not consider the ‘Security Triangle’ (shown below):

    In an ideal world your project would sit dead in the middle of this triangle representing a perfect harmony of the 3 aspects; however this is rare because the sections do not always complement each other that well. When considering fund admin theme this becomes clear; obviously you want to protect the data as best you can from unauthorised access by malicious users and the best way of doing ...

    Category:
    • Software Applications
  • 13 Dec 2011

    Top 5 Security Tips

    Having recently attended a course in Ethical Hacking it has made me dangerously aware of just how flawed some security systems can be. More specifically if you have ever found yourself working on a  project developing financial software it is guaranteed that you will have to deal with (and in turn protect) delicate personal information. This said I thought I would try to compile a top 5 security checks you should keep in mind while developing such projects:

    1. SQL Injection / Cross Site Scripting – this is the biggest problem that catches most people out. In all places where a user can input data it’s important to sanitise the inputs to ensure SQL strings cannot be generated due to a rouge quotation mark.
    2. Passwords – one of the easiest parts to not enforce in the security process is that of a strong password. Dictionary words should really be avoided ...
    Category:
    • Testing
  • 12 Dec 2011

    Adding a Custom 404 Page with Sitefinity


    It's always annoying when you mis-type a URL, or click on a long-dead link to be confronted with a horrible error message:

    .Net 404 error page

    It looks unprofessional (especially if you are a web development company), scary and leaves the visitor with nowhere to go. Much better would be your own customised 404 page, gently directing the site visitor to a more appropriate place. To get this working in a Sitefinity site you need to do three things:

    1. Create a 404 page in Sitefinity. You can just make a plain, unadorned page but this "not found" area is a great place to funnel customers back to where they need to go (or where you'd like them to go!). There's lots of articles around on how to make use of your 404 page, such as this 404 guide from GetElastic.

    If you have no other ideas, just add contact links, top-level navigation ...

    Category:

Please enter your details and we will aim to call you back the same day.