STAFFINGGO applications are passed through various application vulnerability assessments and Risk identification test.

• • Cross Site Scripting
• • SQL Injection
• • Secure Transport Layer Protection
• • Blind XPATH Injection
• • Cross Site Request Forgery (CSRF)
• • Cache Poisoning

This is the lowest level of security provided by the application at the MS IIS level with digital certifications (HTTPS) that protect node to node level of encryption. Customers choose to either continue with HTTP or enable HTTPS depending on the requirement. HTTPS is not a necessity in most of the cases, because the data packets are encrypted by the application that protects the data from application to application than just node to node (network to network) level of encryption provided by HTTPS.

Data transmitted over the network are encrypted using RSA Asymmetric encryption 2048 bit key pairs.

Password Policy: All password are stored in database are encrypted and application supports all kind of password rules to adhere client password policy.

• • Configurable Password Policy in terms of character lengths, expiration, maximum incorrect attempts.
• • Login user system/IP information
• • Forgot password Mail

Single sign-on (SSO) allows a third party to authenticate a user for the STAFFINGGO System. STAFFINGGO app. support token based authenticate system where the third-party generates a secure token that allows the user (if validated) to automatically login.

Steps for SSO:

• 1. User authenticates on third-party website using the third-party’s username and password
• 2. Third-party website generates a secure token only if login is successful with a unique id for each user
• 3. The third-party website presents a link to log into STAFFINGGO App. with the secure token or can redirect the user to the STAFFINGGO App. The secure token must be in the URL or posted to the STAFFINGGO App.
• 4. STAFFINGGO App. verifies that the secure token is correct and automatically logs in the user.

STAFFINGGO maintains audit logging records attempted or complete actions. Those records should include when, where and by whom the action was taken (naturally, the ‘whom’ is provided by authentication). Logging user actions can help you improve security in a variety of ways.

User Level Security: Each role user or application administrator will have to log onto the application using secure https://app.StaffingGo.in and with their own valid user id and password.

STAFFINGGO provides robust/stringent/multi-layered security methods to ensure highest level of security is provided to the user who accesses the data. The different types of security standards provided by the application are described below starting from the system level to the user level.

All requests are authenticated against a token issued by a custom built JWT Server. Token-based Authentication no session is persisted server-side (stateless). Credentials are exchanged against a token which is then attached to every subsequent request. Token provided by the STAFFINGGO Server is stored and added to subsequent requests by using the browser’s storage capabilities. In addition to this, the token receipt procedure is encrypted using the FIPS-compliant RSA Algorithm.

All data transfer between the servers is done with TLS and ensures safety, in terms of a wiretap or a Trojan attack. In addition to this, the data is encrypted at rest on supported MYSQL Server installtions. The servers exchange data using specific TCP & UDP packets.

BCP will be in line with client BCP and Disaster Management, daily back up will be taken to ensure Database is secured as per client DB back up policy.