Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

The VMS is 100% API driven and cyber security is focused on API cyber security in the first place.

Secure API.


We have 3 levels of API with different levels of security:

  1. Level 3 requires an SSL key/cert pair for authentication. This is the most secure API and can be
    used for creating “license keys” that can be associated with customers or users. Designed for
    cloud-to-cloud (service-to-service) calls.

  2. Level 2 requires a “license key” for authentication; this API can be used for adding/removing
    cameras and associated resources, and each new camera receives a “camera access token”. Designed
    for back-end calls.

  3. Level 1 requires the “camera access token” for authentication, this API is used to control the
    corresponding camera and access its data (live, recorded, events, archive, etc.). Designed for
    front-end calls.

Input validation and rate limiting

In addition to tools provided by cloud infrastructure providers, Cloud VMS uses call rate limitation for invalid API calls as a countermeasure to DDoS attacks.

In the case of AWS, we also use AWS Shield for protection from DDoS attacks.

Secure development life cycle (SDLC)

VXG runs vulnerability tests on the test VMS deployment at the end of each development cycle.

Vulnerability tests (pentests)

The VMS has passed professional penetration tests. The tests were carried out as a grey box penetration tests.

Methodology.

We ensure to use only current technologies, and tools and follow best practices for penetration testing. For that we use professional pentest tools from the leading cybersecurity providers All tests are guided and inspired by the OWASP Testing Guide and Open Source Security Testing Methodology Manual (OSSTMM) to reach the highest standards. 

Reports

The list of tools is available upon request. These reports include

  • Network Vulnerability Scanner

  • API Vulnerability Scanner

  • Web Vulnerability Scanner

  • No labels