STEP 2 of 6Account Information

SCRIP-SAFE International Security Information

Credentials eScrip-Safe is committed to adherence to the latest standards in electronic data interchange security. The cornerstones of our security measures are defined below.

1. Encryption

   Encryption is the process of transforming information into an indiscernible coded message. Information transmitted while accessing school information over the Internet or submitting an online application is encrypted using Secure Sockets Layer (SSL) Technology, a state-of-the-art encryption process developed by Netscape Communications Corporation.

   This process utilizes a unique mathematical formula or “Key” to encrypt your information. Encryption strength is measured by the length of the “Key” used to encrypt the data. Longer “keys” provide more effective encryption. Browsers generally offer two levels of encryption strength:

   • 40-Bit Encryption Key (International Grade Encryption)
   • 128-Bit Encryption Key (Domestic Grade Encryption)

2. Digital Certificate

   A Digital ID is an electronic fingerprint bonded to the “keys” used to encrypt information transmitted over the Internet. Referred to as a Digital Certificate, this unique identifier substantiates eSCRIP-SAFE’s identity to your browser. eSCRIP-SAFE is registered with the certificate authority, Thawte.

3. Authentication

   eSCRIP-SAFE requires that users authenticate themselves via a unique username and password.

4. Authorization

   Each user is designated with a system profile that limits his abilities within eSCRIP-SAFE. Users are designated as local administrators, senders, or receivers.

eSCRIP-SAFE Security Audit performed by Relevance ®

• Source Code Audit: Source code audited identifying possible vulnerabilities in critical areas including input sanitization, SQL queries, and sensitive data storage.
• XSS Audit: Tested all endpoints exposed by the application to verify that scripts cannot be injected into the application. This reduces the risk of Cross-Site Scripting (XSS), which can expose sensitive customer data, violate privacy, and lead to further compromises.
• SQL Injection Audit: Tested all endpoints exposed by the application to verify that SQL cannot be injected into the database. An SQL injection attack can expose sensitive data and corrupt the database.
• Fuzzing Audit: Crawled and indexed the application for fuzzing vulnerabilities. Fuzzing is an automated attack, which bombards an entire application with bad data and verifies that the application responds appropriately.
• Deployment Stack Audit: Tested the production environment, examining key elements such as the operating system, web server, and applicable databases.