Security

The OAK platform has been designed to ensure high levels of service continuity and security. It is strongly protected against external attacks and designed around encryption of all transmitted data: man-in-the-middle defence techniques are in place, and all transmitted data are in fact encrypted in transit using 256-bit SSL.

The architecture is based on a cluster of servers with both horizontal and vertical autoscaling on three levels: Web Server, Application Server and DB Server.

Based on predictive performance benchmarks, new servers are generated autonomously to handle any peak loads.

If one of the production servers fails, it is automatically undocked from the pool and hot-swapped with a new one.

In parallel with the automatic recovery, active alerting reports any technical problem to our technical staff, who take charge of the case within 30 working minutes.

The platform is constantly monitored and subjected to intensive security testing (penetration tests). Specifically, OAK has successfully passed testing carried out in accordance with the most widely accredited analysis methodologies (OSSTMM, OWASP, ISO/IEC 15408, ITSEC, TCSEC), in compliance with the international reference standards (ISO/IEC 27001:2005, ISO/IEC 27002:2005, ISO/IEC 27005:2008, ITIL, COBIT, GAO, FISCAM, PCI, SOX, HIPAA, CASPR, SET, NIST best practices, Legislative Decree 196/2003 and other data protection regulations).

Below are some technical notes on the security functions implemented in the platform:

  1. User credentials are never stored locally in unencrypted form, so they remain protected even if jailbreaking techniques are used on the mobile device.
  2. The logout action invalidates the session token, so any attempt to replay or spoof a session with a third-party token is useless.
  3. Login errors do not indicate which field was wrong (username vs. password).
  4. All traffic is sent encrypted over SSL; digital certificates are signed and managed so that self-signed certificates are not accepted unless an explicit certificate authority is installed in the iOS security profile.
  5. Security features such as PIE, ASLR and ARC are enabled.
  6. Client-side injection defences are implemented to avoid injection vulnerabilities, with particular attention to datasets (SQL injection) and receivers (command injection, directory traversal, etc.).
  7. The device UDID and MAC address are neither visible nor transmitted.
  8. Secure data handling mechanisms are implemented.
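Items 2 and 3 above describe two server-side behaviours: a logout that revokes the session token on the server (not just on the client), and a login failure that reveals nothing about which field was wrong. The following Python sketch is an added illustration of both, not OAK's code; the user store, salt and password are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed demo user store: username -> salted PBKDF2 hash (sample data, not OAK's).
_SALT = b"demo-salt-16byte"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": _hash("correct horse", _SALT)}
# Dummy hash so an unknown username costs the same work as a wrong password
# (keeps the timing of both failure cases alike).
_DUMMY = _hash("dummy", _SALT)

# Server-side record of valid session tokens; a token not in here is rejected.
SESSIONS = set()

# One message for every failure cause: the client cannot tell username from password errors.
LOGIN_ERROR = "Invalid username or password"


def login(username: str, password: str):
    """Return (token, None) on success or (None, LOGIN_ERROR) on any failure."""
    stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password, _SALT))
    if username not in USERS or not ok:
        return None, LOGIN_ERROR
    token = secrets.token_urlsafe(32)
    SESSIONS.add(token)
    return token, None


def logout(token: str) -> None:
    """Revoke the token on the server; a client that kept a copy cannot reuse it."""
    SESSIONS.discard(token)


def is_authenticated(token: str) -> bool:
    """True only for a token the server issued and has not yet revoked."""
    return token in SESSIONS
```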

As for the data, they remain your property and can be downloaded independently at any time. Digital Forest acts solely as a data processor, with no right to use the data for any purpose other than what is strictly necessary to ensure the correct functioning of the platform.