Application Development – Product Security

Last updated January 19, 2024

The 27k1 Software is a Line of Business application (LOB).

Microsoft LOB applications offer several security advantages over traditional, downloadable apps:

  1. There are no .msi or .exe file types for malware to contaminate or clone.
  2. The app will not install unless a valid security certificate is assigned to it by 27k1 Ltd. This ensures that the application is from a trusted source.
  3. As a trusted source, 27k1 Ltd use GlobalSign’s Certification Services - https://www.globalsign.com/ to provide validated certification.
  4. LOB apps reside in an isolated area within the computer, this is called “Sand Boxing” or "Containerized". The app is not allowed to communicate outside this sand boxed area unless a prompt is provided to the user. File exporting and importing is a good example.
  5. Software updates are issued by default from 27k1’s website.
    To ensure updates are delivered from the correct webserver, the 27k1 RMS application checks the web server's security certificate to ensure the updated package is installed from the 27k1's approved domain.
  6. When the app is uninstalled, all components of the app are removed leaving no file remnants.

      Additional security assurances:

      1. The application is developed in a secure, multi-tier firewall environment.
      2. Detailed development and deployment procedures are used to ensure maximum reliability.
      3. Commercial anti-virus software scans the development files on a real-time basis.
      4. Source code is backed-up on a regular basis and stored in remote locations.
      5. Azure DevOps repos is used to control the software's development cycle.
      6. Occasionally, Microsoft issue .NET security updates. These security updates are deployed within the 27k1 software applications within 14 days of issue.

          27k1 Ltd rigorously test new features, however software is extremely complex and from time to time, bug fixes may be issued to ensure the platform is resilient and conforming to design.

          To further help app resilience, 27k1 Ltd uses the CryptoLens API which anonymously records any application crashes, which are monitored and the fixes implemented as required.

          Development and Programming Oversight:

          27k1 Ltd undertake all system development and coding in the UK. The software code is written in C#.