Security
While no software will ever be 100% secure, Flying Fleet is built with as much security as possible.
Hosting is provided by an ISO-certified, GDPR-compliant provider.
The operating system is the latest Ubuntu LTS release, with auto-update and auto-reboot enabled to ensure the latest patches are always applied. Only the standard and required ports for the service are open externally, and an auto-locker is installed in case somebody tries to brute-force the OS.
On the software level, .NET Core is used with Entity Framework Core, which has many security checks built in and prevents many attack vectors such as SQL injection.
Communication from the browser to the server always goes over SSL, and is therefore encrypted.
Member passwords are hashed (salt + pepper), and are therefore not available as plain text in the DB.
OWASP rules are checked during the development and testing phases.
As Flying Fleet doesn't use commonly known weak frameworks like WordPress or other PHP frameworks, usual pentesting doesn't deliver useful information. However, we run the Nessus security scanner, and it found no security issues. => Results of Nessus security scanner
If a security issue is reported or detected, it will be considered a high-priority event and will be handled as quickly as possible.