Platform security is paramount to our mission. We offer premium subscription levels to handle the most secure data needs, as well as affordable and sustainable options for organizations worldwide.
EBSCOed’s security philosophy uses industry-leading technology and security standards. Ensuring your information is safe and secure is paramount for any organization. EBSCOed has been built to prevent the worst from happening by providing a secure Content Management System (CMS) and application framework with robust security. Organizations worldwide rely on EBSCOed for websites and mobile applications, testing its security against the most stringent standards and its protection against the most critical internet vulnerabilities in the world. As a subscription service, we take care of the maintenance behind the scenes so you can focus on what you’re passionate about: creating a great experience. One affordable annual license fee guarantees that all your integrations will be maintained, software and hardware updates are taken care of, and security remains at an industry best.
The security measures EBSCOed employs differ from the more traditional on-premises security. Security responsibilities are shared between your organization and EBSCOed. In this case, EBSCOed is responsible for securing the underlying infrastructure that supports the subscription service, and you’re accountable for anything you put on the cloud, such as your website content. This shared security responsibility model can help increase security while reducing your operational burden in many ways. The amount of security configuration work you have to do varies depending on how sensitive your data is.
Preventing XSS, CSRF, and other malicious data entry is a top priority, ensuring that data is validated and scrubbed before entry in the database. The system tests that user-entered data, and even the form fields themselves, match prescribed, expected formats and values. Tokens are injected into each form as it is generated, to protect against potential CSRF attacks. The database abstraction layer performs additional security checks on data as it is written to and retrieved from the database. This, of course, is limited to the platform's configurable features and relies on customer discretion when creating content and selecting access and configuration rules. EBSCOed considers the data within the customer's dedicated instance to be the property of the customer; we have strict policies regarding data access and therefore do not proactively monitor client elections, uses or content.
Anonymous experiences, particularly in environments with no PII, may result in customer elections and uses that allow for low-risk vulnerabilities that are unlikely to result in any harm. These can largely be mitigated by restricting access to authorized users. In cases where even low-risk vulnerabilities must be 100% prevented, such as use cases involving PII or the storage of sensitive or proprietary content, premium subscriptions tailored to customer policy are available that meet the world's most stringent standards. Many Fortune 500 companies and governments around the world choose EBSCOed to meet these most stringent use cases.
Should you detect an incident, please notify us immediately in support of our shared responsibility model. We also offer consultative services should you wish to explore advice on meeting your internal policies; this may include network security, access controls, system configuration, implementation analysis, etc. Please see our SLA and Terms of Service outlining our commitment based on our standard subscription service. It is our pleasure to serve you and your users.
What is XSS?
XSS stands for Cross-Site Scripting. It is a type of security vulnerability commonly found in web applications. XSS occurs when an attacker injects malicious scripts (usually written in JavaScript) into a web application that is then executed in the context of another user's browser. This can lead to various security risks and potentially compromise the integrity of the website and the privacy of its users.
What is CSRF?
CSRF stands for "Cross-Site Request Forgery." It is a type of cyber attack where an attacker tricks a user into unknowingly performing actions on a web application without their consent. This is done by exploiting the trust that a web application has in the user's browser.
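The per-form token and expected-format checks described in the overview above, shown as an added Python example. It is not EBSCOed's code; the server key, the form schema, the field names and the function names are assumptions made for illustration.

```python
import hashlib, hmac, html, re, secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients

# Constructed form definition: field name -> pattern the submitted value must fully match.
CONTACT_FORM = {
    "email": re.compile(r"[^@\s]{1,64}@[A-Za-z0-9.-]{1,255}"),
    "topic": re.compile(r"billing|support|sales"),  # select box: only the listed options
}

def form_token(session_id: str, form_id: str) -> str:
    """Token bound to one session and one form, so it cannot be replayed elsewhere."""
    msg = f"{session_id}\x00{form_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def render_form(session_id: str, form_id: str, schema: dict) -> str:
    """Build the form and inject the hidden token field while it is generated."""
    inputs = [f'<input name="{html.escape(name, quote=True)}">' for name in schema]
    token = form_token(session_id, form_id)
    inputs.append(f'<input type="hidden" name="form_token" value="{token}">')
    form_attr = html.escape(form_id, quote=True)
    return f'<form method="post" id="{form_attr}">' + "".join(inputs) + "</form>"

def validate_submission(session_id: str, form_id: str, schema: dict, posted: dict) -> list:
    """Return the reasons a post is rejected; an empty list means it is accepted."""
    supplied = posted.get("form_token", "").encode()
    expected = form_token(session_id, form_id).encode()
    if not hmac.compare_digest(supplied, expected):  # constant-time comparison
        return ["csrf: token missing or not issued for this session and form"]
    errors = []
    # The form fields themselves are checked: anything not in the schema is refused.
    for name in posted.keys() - schema.keys() - {"form_token"}:
        errors.append(f"unexpected field: {name}")
    # Each expected field must be present and match its prescribed format.
    for name, pattern in schema.items():
        if not pattern.fullmatch(posted.get(name, "")):
            errors.append(f"bad value: {name}")
    return sorted(errors)
```

A request forged from another site cannot read the victim's form, so it arrives without a valid `form_token` and is rejected before any field is processed.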