The personal reserves wine management platform is a cloud-based SaaS solution that uses the following technologies:
- Microsoft asp.net framework with SQL server database;
- Fully normalised database model;
- Responsive website design supporting PC, laptops, tablets and mobile devices (not to forget trading screens!);
- Multi-lingual and multi-currency frameworks;
- White labelling built-in through all functions and dimensions(style, content and behaviour);
- Modularised approach for all the major application components. Fully configurable back office: user administration, account/trading functions, access control functions, audit trail of website activity.
- Responsive website
- Modalised approach for application components
- Full user administration
- Granular access controls
- Audit trail of site activity
All Wine Owners’ sites are run on https/SSL wildcard certificate provided by Comodo CA Limited. These are the highest levels of SSL security – 2048 bit digital signatures and up to 256 bit encryption as standard with a $250,000 relying party warranty.
When installed on a web server, a SSL certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
Private cloud servers are hosted at UKFast, an award winning data centre who are certified to ISO 27001 and ISO 9001:2008, verifying robust security practices within their data centres and operations.
Wine Owners is in process of being certified with the Cyber Essentials Plus program; developed with the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
Every quarter a remote penetration test of the Wine Owners platform is conducted externally by a specialist 3rd party. The scan tests the platform against a large library of known vulnerabilities and probes for potential routes that might lead to a compromise of the system.
The software used to do this is a world-class product that incorporates the latest hacking techniques and attack patterns.
The types of vulnerabilities checked include operating system and network vulnerabilities as well as database and HTML-based attack vectors. In addition the system is analysed for behaviour traits that may indicate botnet activity or other types of system compromise.
In 2018 we additionally contracted with a specialist firm who employ ethical hackers, who spent a week attempting to penetrate our servers (with the purpose of identifying any additional vulnerabilities).