What security checks does Intellisense.io run?

Feature security testing examines the system to identify any flaws and gaps from a security point of view.

Written by Menna Wael
Updated this week

At IntelliSense.io, we take security seriously and have implemented a number of measures to ensure that our system is secure. We are proud to be Cyber Essentials certified, a scheme backed and supported by the UK Government and industry to promote best practices and protection against online threats.

It's worth noting that we also run data, integration, and other security tests in addition to the feature security checks described in this article. Specifically, we follow a set of standard security checks that are tailored to our system to verify how secure it is. These checks are run constantly and include the following:

  1. Verifying that all password fields are encrypted.

  2. Informing the user of their last login time after logging in.

  3. Verifying the functionality of logging in with a valid username and password.

  4. Ensuring that the login page cannot be accessed using the back button.

  5. Testing the functionality of logging in with the old password.

  6. Testing the functionality of logging in with the old password after resetting the password.

  7. Verifying that the user receives an email when their account is unlocked.

  8. Ensuring that the login URL is using HTTPS.

  9. Testing concurrent sessions.

  10. Verifying that the error message displayed for invalid credentials is generic.

  11. Testing the session time for logged-in users.

  12. Verifying that the password reset link expires after one use.

  13. Testing the login functionality for inactive users.

  14. Testing the login functionality for different accounts on the same browser.

  15. Testing the login functionality with the same accounts in different browsers.

  16. Ensuring that passwords are encrypted and not decipherable even if copied.

  17. Verifying the first name, last name, and display name fields by entering more than 30 characters.

  18. Locking out the user's account after 10 invalid login attempts.

  19. Ensuring that the user cannot access unshared dashboard pages by changing the URL parameters.

  20. Verifying that the user can only access the screens they have permission for.

  21. Ensuring that users can change their password and log out.

  22. Verifying that changing the password requires the provision of the old password.

  23. Enforcing password complexity rules on all authentication pages, including registration, forgot password, and change password pages.
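
The following added example is not IntelliSense.io's code or test suite; it shows how checks 6, 10, 12 and 18 from the list above can be written as automated assertions against a small in-memory login service. The `AuthService` class, the error wording, the sample account and the use of PBKDF2 are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

MAX_FAILURES = 10                               # check 18: lock after 10 invalid attempts
GENERIC_ERROR = "Invalid username or password"  # check 10 (exact wording is an assumption)

class AuthService:
    """Hypothetical in-memory login service, used only to exercise the checks."""
    def __init__(self):
        self.users, self.reset_tokens = {}, {}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)                   # per-user salt; only the hash is stored
        self.users[user] = {"salt": salt, "hash": self._hash(password, salt), "failures": 0}

    def login(self, user, password):
        rec = self.users.get(user)
        if rec is None or rec["failures"] >= MAX_FAILURES:
            return False, GENERIC_ERROR         # assumption: unknown and locked look the same
        if hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"])):
            rec["failures"] = 0
            return True, "OK"
        rec["failures"] += 1
        return False, GENERIC_ERROR

    def request_reset(self, user):
        token = secrets.token_urlsafe(32)
        self.reset_tokens[token] = user
        return token

    def reset_password(self, token, new_password):
        user = self.reset_tokens.pop(token, None)   # pop makes the link single-use
        if user is None:
            return False
        self.register(user, new_password)           # new salt and hash, counter cleared
        return True

def run_checks():
    svc = AuthService()
    svc.register("alice", "Old-Passw0rd!")          # constructed sample account
    r = {}
    r["generic_error"] = svc.login("alice", "wrong")[1] == svc.login("nobody", "x")[1]
    token = svc.request_reset("alice")
    r["reset_works"] = svc.reset_password(token, "New-Passw0rd!")
    r["reset_single_use"] = not svc.reset_password(token, "Third-Passw0rd!")
    r["old_password_rejected"] = not svc.login("alice", "Old-Passw0rd!")[0]
    r["new_password_accepted"] = svc.login("alice", "New-Passw0rd!")[0]
    for _ in range(MAX_FAILURES):                   # ten consecutive invalid attempts
        svc.login("alice", "wrong")
    r["locked_after_10"] = not svc.login("alice", "New-Passw0rd!")[0]
    return r
```

`run_checks()` returns one boolean per check, so a failing control shows up by name in a CI run.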
