Client security and privacy are key to ensuring a safe online environment for 1TRACKER EXT customers. WEBAPPZ recognizes the importance of keeping your data and business information confidential and has taken all measures possible to provide the highest level of security. We pride ourselves on our expertise and strength in providing this benefit to our end customers.
Data Transaction Security
WEBAPPZ is committed to data transaction security. To protect the information collected and maintained using 1TRACKER, we support data encryption. WEBAPPZ's cluster1 & cluster3 servers, responsible for the EXT version, utilize industry-standard Secure Sockets Layer (SSL), 128-256 bit technology to allow for data encryption between your browser and our secured servers, so that no 3rd party can intercept your confidential information. For the BOX and CUSTOM versions, we assist clients with installing such certificates to have the same level of security as well.
Data Backup Security
Our cluster1 & cluster3 servers (EXT version) ensure that your valuable data is backed up daily, at two redundant locations, with fail-over configurations. Once a week, an encrypted copy is stored at the Commerzbank of Germany. We advise our clients of the BOX and CUSTOM versions on a backup strategy best fitting their unique needs.
Network Firewall Protection
For security, reliability, and performance, WEBAPPZ uses CISCO firewall technology to prevent unauthorized Internet users from accessing the 1TRACKER servers connected to the Internet. All messages entering or leaving our servers pass through firewalls, which examine each message and block those that do not meet the specified security criteria.
For businesses interested in running 1TRACKER within their own firewalled network (BOX and CUSTOM versions), such as their own local or wide area network (LAN/WAN), WEBAPPZ can provide assistance with configuring the network to accommodate this. 1TRACKER's communication is purely HTTPS-based (SSL, TCP port 443), in accordance with the World Wide Web Consortium (W3C).
When users access the 1TRACKER application through the 1TRACKER website or through a 1TRACKER login panel, enhanced security is the default. A secondary browser window will then be launched for your 1TRACKER session. When you sign out of your 1TRACKER session, this window will automatically close, erasing all the pages that you have visited during your 1TRACKER session from the computer's memory. Enhanced Security is ideal if you are accessing 1TRACKER from a terminal that is in a public place or shared with other individuals. All 1TRACKER functions remain the same.
Password Login and Protection
1TRACKER provides secure login with password authentication and encryption capabilities. Users require a login name and password to gain access to the system. The company's system administrator first enters users into the system and provides them with a user ID and password. This ensures that only those persons authorized to use 1TRACKER are permitted login access. The password format is also defined by the administrator and can be both alphanumeric and case-sensitive. Password aging and format policies can also be applied to application passwords to improve security and reduce the possibility of unauthorized persons obtaining user passwords. Accounts are suspended if a user types an incorrect password repeatedly. Only an administrator can reactivate a suspended account.
Customers are solely responsible for maintaining the secrecy of their passwords or any account information.
WEBAPPZ has taken all measures possible, on the application side, to ensure your information is secure and private. A user's password is encrypted, and stored in its encrypted format, in 1TRACKER's application database. Only the 1TRACKER administrator (HeadQuarters Person) for your office can reset, disable, or enable users to change their passwords. No other person has access to user login IDs and passwords. Individual users can change their passwords through the self-service feature.
Application Firewall Technology
WEBAPPZ's proprietary, built-in firewall technology - bizDAV - allows administrators to restrict internet access for the entire business or for each individual user, by specifying limited internet addresses or locations. As such, there is no need to worry about the whole internet being able to access your secured information. Individual users can set and validate their own IP ranges for limited or additionally required access. You could specify, for example, that your office administrator can only log in from your main office, your company's project managers can log in from the main office and client sites, and all other employees can log in to 1TRACKER from the whole internet. This information can be changed at any time and will take immediate effect, system-wide, once entered. For 1TRACKER users, any changes will be applicable at their next login.
Administrator-defined user access ensures application-wide security. In 1TRACKER, users can be assigned various roles - a worker, project manager, account manager, and/or client manager. These roles are associated with security profiles or access levels. Based on his or her security profile a user gains access to or is restricted from certain 1TRACKER functions. 1TRACKER provides default access rights for every security profile and allows an administrator to define new profiles, or to customize existing profiles according to the needs of a particular organization. Assigning and making changes to user access levels is easy. Administrators simply add users to or remove them from a security group. The change in access level is immediate and applies the next time the user logs into the application.
1TRACKER incorporates this valuable security feature on the administrative side. It provides a non-deletable, digital footprint of all user activities. All user actions such as logins, timesheet/expense report entry, revisions, creation of invoices, bill payments, etc., are recorded. Every audit record includes information about the user, recording date, action details, and client IP. The audit information can be accessed at any time by the administrator to verify or track inappropriate or invalid entries, data changes, and unauthorized access attempts. Also, individual users have the authority to view their own audit information.
Payment Transaction Security - (EXT version only)
All payment transactions are handled by a third party provider, outside of WEBAPPZ's system. Credit card information is only retained as long as is needed to perform the payment transaction. As such, no credit card information is stored in any of our databases. Only payment confirmations are stored.
1TRACKER's Commitment to Security
WEBAPPZ has addressed the following web application vulnerabilities to ensure a safe environment when working with 1TRACKER:
- Unvalidated Parameters
- Broken Access Control
- Broken Account and Session Management
- Buffer Overflows
- Command Injection Gaps
- Error Handling Flaws
- Remote Administration Problems
- Web and Application Server Misconfiguration
- Session Hijacking