Secure application management
This page describes secure application management:
- Periodic checks on permissions matrices
It is advised to regularly check the permissions defined in the blueprint. Consider making this a recurring task for someone in the organization, for instance every six months. Let the person responsible explicitly document that this check has been done and that the permissions are in order.
Pay special attention to the permissions of anonymous user groups. If the application is live, search bots also visit the application as anonymous users. They crawl through all available URLs and can find unexpected gaps. Visually inspecting the permission matrix (partially) mitigates this risk.
- Penetration test (pentest)
The application is tested thoroughly for risks using a ZAP vulnerability scan. It is tested on, among others, XSS, SQL injection, exposure of sensitive data, and many more risks. These scans are regularly updated to account for new risks. Crossmarx can conduct a pentest, but it is also possible to have it done by a third party. When having a third party do a pentest, always inform Crossmarx beforehand, as the test causes major irregular traffic on the server.
- Security audit
In a security audit, a Crossmarx employee inspects the custom-made parts of the application and checks that they comply with the secure development guidelines described in these pages. This may lead to advice and tips.