The VMS is 100% API driven and cyber security is focused on API cyber security in the first place.
Secure API.
We have 3 levels of API with different levels of security:
Level 3 requires an SSL key/cert pair for authentication. This is the most secure API and can be
used for creating “license keys” that can be associated with customers or users. Designed for
cloud-to-cloud (service-to-service) calls.Level 2 requires a “license key” for authentication; this API can be used for adding/removing
cameras and associated resources, and each new camera receives a “camera access token”. Designed
for back-end calls.Level 1 requires the “camera access token” for authentication, this API is used to control the
corresponding camera and access its data (live, recorded, events, archive, etc.). Designed for
front-end calls.
Input validation and rate limiting
In addition to tools provided by cloud infrastructure providers, Cloud VMS uses call rate limitation for invalid API calls as a countermeasure to DDoS attacks.
In the case of AWS, we also use AWS Shield for protection from DDoS attacks.
Secure development life cycle (SDLC)
VXG runs vulnerability tests on the test VMS deployment at the end of each development cycle.
Vulnerability tests (pentests)