Multiple layers of protection
With yourbuildingmanager.online, you can rest easy. We take your security seriously. In addition to standard server security, we provide several additional layers, including: your private login, hashed passwords, limited login attempts, building/unit access checks, protection against cross-site scripting (XSS), split databases, DoS payload-bomb protection, and more.
CSP
In addition, all our web pages are protected by a Content Security Policy (CSP).
A CSP strictly defines the sources from which the elements of a website (HTML structure, CSS layout, and interactive scripts) may be loaded. If someone tries to inject malicious code into our website, the browser enforces the CSP and automatically blocks code that the policy does not allow.
In simple terms: even if someone tries to manipulate the website, unauthorized scripts cannot run.
CSP is a relatively modern security standard and is not widely used yet. Only about 14–20% of the top 1 million websites implement some form of CSP.
Continuous monitoring
Furthermore, this security is regularly tested to ensure it works!
We also take feedback from security researchers seriously. On first contact, we ask that the security issue be explained with the affected page names and the necessary steps to reproduce it, to avoid false reports. Serious security researchers will not have a problem with this request. We do not offer an official bug bounty program, but we evaluate every report individually.