All user data is considered untrusted, and all textual data that is inserted into a database is cleaned and/or escaped properly. We have a defense-in-depth approach; even if a software library sanitizes input, the VoiceThread code also sanitizes the input. Any data used for LDAP authentication is also sanitized.
Cross Site Scripting
Initial development and code reviews avoid implementation patterns that have known security vulnerabilities. Textual data from users is escaped for inclusion in HTML pages before being sent to any client application, which provides protection for browser-based components of VoiceThread. The codebase is audited on a quarterly basis for new XSS vulnerabilities.
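The two passages above describe context-specific escaping: values bound into database queries, values placed in LDAP filters, and user text emitted into HTML. The following is an added example, not VoiceThread's code; it uses an in-memory SQLite table with constructed rows as a stand-in for the application database, the RFC 4515 escaping rules for LDAP filter values, and the standard library's HTML escaper. The deliberately unsafe `find_comments_unsafe` is included only to show what the parameterised version prevents.

```python
import html
import sqlite3

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def make_db():
    """Constructed sample table; this is not VoiceThread's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?)",
                     [("alice", "hello"), ("bob", "second")])
    conn.commit()
    return conn


def find_comments_unsafe(conn, author):
    # Pattern to avoid: the value is spliced into the SQL text, so quotes
    # and keywords inside `author` change the query itself.
    sql = "SELECT author, body FROM comments WHERE author = '%s'" % author
    return conn.execute(sql).fetchall()


def find_comments_by_author(conn, author):
    # Parameterised query: the driver passes the value separately from the
    # SQL text, so nothing in `author` is ever parsed as SQL.
    cur = conn.execute(
        "SELECT author, body FROM comments WHERE author = ?", (author,))
    return cur.fetchall()


def ldap_filter_escape(value):
    """Escape a value for inclusion in an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username):
    # The username supplied at login is escaped before it is embedded in
    # the filter, so it cannot add or close filter components.
    return "(&(objectClass=person)(uid=%s))" % ldap_filter_escape(username)


def render_comment(author, body):
    # Escape at output time, for the HTML element context the text lands in;
    # quote=True also escapes " and ' so the same helper is safe in attributes.
    return "<li><b>%s</b>: %s</li>" % (
        html.escape(author, quote=True), html.escape(body, quote=True))
```

The LDAP helper covers filter values only; a value that becomes part of a distinguished name needs the separate DN escaping rules from RFC 4514.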
Authentication / Session Management
No authentication attempts can be made except over SSL so that passwords are never sent over the internet as plain text. Failed authentication attempts are rate-limited to reduce the viability of brute-force attacks. The number of concurrent sessions per user is limited. Users are able to see all their authenticated sessions and terminate any suspicious ones. Organizations may specify inactivity timeouts after which a session will automatically be invalidated to reduce the likelihood of unauthorized use from a shared computer.
Direct Object References
All functions in the VoiceThread codebase check the permissions of the session-derived user ID before allowing any access or changes.
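The session controls listed under Authentication / Session Management (rate-limited failed logins, a cap on concurrent sessions, a list of a user's own sessions with the ability to end them, and an inactivity timeout) and the object-level check described just above (every access is authorised against the user ID derived from the session, never from the request) can be implemented in one small store. The code below is an added example, not VoiceThread's implementation; the policy numbers, the injectable clock, the plaintext credential map and the `thread_owner` table are constructed stand-ins for illustration.

```python
import secrets
import time
from collections import defaultdict, deque

# Constructed policy values, not VoiceThread's settings.
MAX_FAILED_PER_WINDOW = 5          # failed logins tolerated per account per window
FAIL_WINDOW_SECONDS = 300
MAX_SESSIONS_PER_USER = 3
INACTIVITY_TIMEOUT_SECONDS = 900


class Session:
    def __init__(self, user_id, client, now):
        self.id = secrets.token_urlsafe(32)   # unguessable session identifier
        self.user_id = user_id
        self.client = client                  # shown to the user when listing sessions
        self.created = now
        self.last_seen = now


class SessionStore:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}                    # session id -> Session
        self.failures = defaultdict(deque)    # user id -> timestamps of failed logins
        self.credentials = {}                 # user id -> password (stand-in for a hash check)
        self.thread_owner = {}                # thread id -> owner user id (constructed ACL)

    def _recent_failures(self, user_id, now):
        q = self.failures[user_id]
        while q and now - q[0] > FAIL_WINDOW_SECONDS:
            q.popleft()
        return q

    def login(self, user_id, password, client):
        now = self.clock()
        q = self._recent_failures(user_id, now)
        if len(q) >= MAX_FAILED_PER_WINDOW:
            return None, "rate_limited"        # refused before the password is checked
        if self.credentials.get(user_id) != password:   # real code verifies a hash
            q.append(now)
            return None, "bad_credentials"
        q.clear()
        # Concurrent-session cap: evict the least recently used session first.
        mine = sorted(self.list_sessions(user_id), key=lambda s: s.last_seen)
        while len(mine) >= MAX_SESSIONS_PER_USER:
            self.sessions.pop(mine.pop(0).id, None)
        s = Session(user_id, client, now)
        self.sessions[s.id] = s
        return s.id, "ok"

    def resolve(self, session_id):
        """User id for a live session; idle sessions are expired on the way."""
        now = self.clock()
        s = self.sessions.get(session_id)
        if s is None:
            return None
        if now - s.last_seen > INACTIVITY_TIMEOUT_SECONDS:
            del self.sessions[session_id]
            return None
        s.last_seen = now
        return s.user_id

    def list_sessions(self, user_id):
        return [s for s in self.sessions.values() if s.user_id == user_id]

    def terminate(self, session_id, requester_session_id):
        # A user may end only sessions that belong to them.
        requester = self.resolve(requester_session_id)
        target = self.sessions.get(session_id)
        if requester is None or target is None or target.user_id != requester:
            return False
        del self.sessions[session_id]
        return True

    def get_thread(self, session_id, thread_id):
        # The acting user is taken from the session, and the permission check
        # runs before any object data is returned: an unknown or foreign thread
        # id yields the same result as a missing one.
        user_id = self.resolve(session_id)
        if user_id is None:
            return None
        if self.thread_owner.get(thread_id) != user_id:
            return None
        return {"id": thread_id, "owner": user_id}
```

Returning the same `None` for "does not exist" and "not yours" keeps a caller from using the response to enumerate which object ids are valid.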
Cross-Site Request Forgery
VoiceThread’s APIs are designed to be used from a wide variety of origins, and therefore do not currently restrict usage to certain referrers. However, organizations can set short inactivity timeouts on the authenticated sessions of their users, which limits a user’s exposure to CSRF attacks to periods where they are actively using VoiceThread.
Security Configuration Management
All systems and software are updated on a regular basis, as required based on the nature of incoming security changes from OS and software vendors. There is a culture and process of continuous improvement for software management, access management, and back-end firewalling.
Cryptographic Key Management
VoiceThread encrypts passwords using the peer-reviewed, industry-standard bcrypt password hashing function with a work factor chosen so that verification stays affordable for the server while remaining expensive for an attacker guessing offline. VoiceThread imposes no practical limit on overall password length or usable character set. VoiceThread generates salts using a cryptographically secure source.
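The properties the paragraph describes (a per-password salt from a cryptographically secure source, a tunable work factor that is stored with the hash so it can be raised later, no cap on input length, and a verification step that does not leak timing) are shown below in an added example that is not VoiceThread's code. The page's scheme is bcrypt; this example substitutes PBKDF2-HMAC-SHA256 from the Python standard library so that it runs without third-party packages, and the storage format and iteration count are constructed for illustration. One caveat specific to bcrypt itself: the algorithm processes only the first 72 bytes of its input, so an implementation that promises no practical length limit has to handle longer passwords deliberately rather than let the library silently truncate them.

```python
import hashlib
import hmac
import secrets
import time

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    # Fresh salt from the OS CSPRNG for every password, stored next to the hash
    # so identical passwords never produce identical records.
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False                       # malformed record: deny, never crash
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, iterations=DEFAULT_ITERATIONS):
    # Checked after a successful login: records hashed under an older, lower
    # work factor are re-hashed with the current one while the password is known.
    return int(stored.split("$")[1]) < iterations


def calibrate_iterations(target_seconds=0.25, start=100_000):
    # The defender's bound: the largest work factor that keeps one verification
    # under `target_seconds` on this hardware. Every guess an attacker makes
    # pays the same cost, which is what the work factor trades on.
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * SALT_BYTES, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return max(start, iterations // 2)
        iterations *= 2
```

Rejecting malformed records and unknown algorithm labels with a plain `False` keeps the verifier's failure path identical to a wrong password.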
URL Access Restrictions
Site components that accept or use URLs (e.g., via an API call) check them against an allow list of permitted URLs, with anything not on the list denied by default. The API can also import media by fetching data from a URL, and while these URLs are not checked against an allow list, the resulting content is scanned for viruses and validated as if it were uploaded content.
Transport Layer Protection
If an organization chooses to enable SSL by default, then all content other than inbound audio and video recording is protected using SSL, including cookies, session data, and related content.
Redirect and Forward Validation
All redirection target URLs are checked against a list of trusted domains, and any that are not on this list are denied.
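The allow-list check under URL Access Restrictions and the trusted-domain check for redirect targets directly above are the same validation applied at two points, so one helper serves both. The following is an added example, not VoiceThread's code; the host list, suffix list and accepted scheme are constructed placeholders, and treating a single-slash relative path as same-site is a design choice made here rather than something the page states. It goes slightly beyond the text in two ways a practitioner would want: it rejects the usual parsing tricks (userinfo before `@`, look-alike domains that merely end in the trusted name, protocol-relative `//host` paths), and for fetchers that accept arbitrary URLs it adds a literal-IP check against private, loopback and link-local ranges, which would need repeating on the resolved address at connect time (not shown).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow list; the real list is not on the page.
TRUSTED_HOSTS = {"voicethread.com", "media.voicethread.com"}
TRUSTED_SUFFIXES = (".voicethread.com",)     # any subdomain under these
ALLOWED_SCHEMES = {"https"}


def is_allowed_url(url, trusted_hosts=TRUSTED_HOSTS,
                   trusted_suffixes=TRUSTED_SUFFIXES, schemes=ALLOWED_SCHEMES):
    """Default deny: True only for an absolute URL whose scheme and host are listed."""
    try:
        parts = urlsplit((url or "").strip())
    except ValueError:
        return False
    if parts.scheme.lower() not in schemes:
        return False                  # covers javascript:, data:, plain http, and no scheme
    if parts.username is not None or parts.password is not None:
        return False                  # "https://trusted@evil.example/" parses host as evil.example
    host = parts.hostname             # lowercased; port and IPv6 brackets already removed
    if not host:
        return False
    if host in trusted_hosts:
        return True
    # Suffix match must include the leading dot, so "voicethread.com.evil.example"
    # and "notvoicethread.com" are both rejected.
    return any(host.endswith(suffix) for suffix in trusted_suffixes)


def safe_redirect_target(url, fallback="/"):
    """Return `url` if it is a same-site path or an allow-listed absolute URL, else `fallback`."""
    url = (url or "").strip()
    # One leading slash is a same-site path; "//host" and "/\host" are treated
    # as absolute by browsers and must not pass as relative.
    if url.startswith("/") and not url.startswith(("//", "/\\")):
        return url
    if is_allowed_url(url):
        return url
    return fallback


def is_public_address(host):
    """For fetchers: reject literal IPs in private, loopback, link-local or reserved ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True                   # not an IP literal; resolve and re-check before connecting
    return addr.is_global
```

Logging the rejected value together with the reason (`scheme`, `userinfo`, `host`) is worth doing at the call site; a burst of rejections on one endpoint is a useful detection signal.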