Megaventory Blog - Online Inventory Management Software, Order fulfillment and Control System
This is the company blog for megaventory, an online software that helps small businesses that buy, sell and manufacture physical products to manage sales, purchasing, manufacturing and inventory. We blog about new features and updates but also about enterprise software, small businesses, cloud computing and the industry in general.

Saturday, January 9, 2016

More Megaventory improvements: security upgrades implemented

In the interest of supporting the data security of our customers, we have preemptively completed multiple online security audits and upgrades.

In the year that’s just wrapped, the issue of online security kept cropping up constantly. Almost every week, news of a significant security breach surfaced while minor ones undoubtedly kept happening at a more frequent pace.

Online security can mean many things depending on the industry in question – it can range from individual laptop protection to app database security – and the respective sector (whether that’s B2B or B2C). In any case, the protection of assets against hacking has been an established topic in most lists of what will be a hot field in technology in 2016.

Always working for our customers’ best interests and with the aim of staying ahead of the game, we committed to reviewing and improving Megaventory’s security during the second semester of 2015. This review coincided with the wrap-up of the new megaventory.com interface, so any necessary improvements were introduced immediately into the new version of the service.

As such, we have taken the following steps to improve security in Megaventory:
  • We have performed an internal audit of our entire code base, identifying and addressing the most typical security issues a web application needs to guard against. This covered Cross-Site Scripting, file injection, SQL query sanitization, our email server, web server redirects/forwards and the SSL certificate, among other things.
  • We have also hired Vulnerability Assessment and Penetration Testing company esecurify.com to perform a full security audit of Megaventory. The audit covered the major vulnerabilities of the OWASP industry standard across the entire scope of the app and was followed by the immediate correction of any issue that was detected.
  • An independent partnership deal we have been working on for many months now (and which is about to be announced – stay tuned!) required an additional security audit which was initiated and completed during the last two months of 2015.
  • We have instituted a bug bounty program so that any interested party can audit the Megaventory application for security (or other issues) and they will be reimbursed for finding points in the application which need improvement. Refer to the EULA (sections 11.3 and 11.4) for details.

As a result, Megaventory enters 2016 confident that its customer base has one less thing on its mind in the constantly shifting technology landscape. So, instead of worrying about their data and business security online, Megaventory customers can relax and think about how they can make their company fulfill its potential.