Technology
Cloud-based, Web 2.0 software as a service (SaaS) solution uses the following technologies:
Microsoft asp.net framework with SQL server database
Fully normalised database model
Responsive website design supporting PC, laptops, tablets and mobile devices (not to forget trading screens!)
Multilingual and multi-currency frameworks
White labelling built-in through all functions and dimensions(style, content and behaviour)
Modularised approach for all the major application components
Fully configurable back office: user administration, account/trading functions, access control functions, audit trail of website activity
Full user administration
Audit trail of site activity
SSL
All Wine Owners’ sites are run on https/SSL wildcard certificate provided by Comodo CA Limited. These are the highest levels of SSL security – 2048 bit digital signatures and up to 256 bit encryption as standard with a $250,000 relying party warranty.
When installed on a web server, a SSL certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
Private cloud servers are hosted at UKFast, an award winning data centre who are certified to ISO 27001 and ISO 9001:2008, verifying robust security practices within their data centres and operations.
Wine Owners is in process of being certified with the Cyber Essentials Plus program; developed with the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
Penetration testing
Every quarter a remote penetration test of the Wine Owners platform is conducted externally by a specialist 3rd party. The scan tests the platform against a large library of known vulnerabilities and probes for potential routes that might lead to a compromise of the system.
The software used to do this is a world-class product that incorporates the latest hacking techniques and attack patterns.
The types of vulnerabilities checked include operating system and network vulnerabilities as well as database and HTML-based attack vectors. In addition the system is analysed for behaviour traits that may indicate botnet activity or other types of system compromise.
Since 2018 we have additionally contracted with a specialist firm who employ ethical hackers, and who spend a week a year attempting to penetrate our servers (with the purpose of identifying any additional vulnerabilities).