Right from the start we've designed and built Jiglu with security as one of the most important considerations. From the beginning Jiglu has had a strong role-based permissioning model that ensures users only have access to appropriate resources, and an extensive unit test suite ensures that API calls cannot breach that model. Since then we've added further security features, such as two-factor authentication and password encryption upgrades, to ensure we continue to meet current best practice. We've also added new user account integrity features, including additional workflow options to prevent accounts from being taken over.
It's always good to get an outside view of flaws that may have been overlooked, so this summer, together with one of our customers, a source code security review and a penetration test of their product installation were carried out. This work found some cases where we had not considered how the product might be used maliciously, produced a number of recommendations for hardening the product against vulnerabilities, and identified several script injection flaws in the web application that had been missed. We were pleased, though, that the core integrity of our security model was not an issue.
With Jiglu 11.8 and 11.9 we addressed all these issues. Significant enhancements to our test suite were also made to better safeguard against future web application vulnerabilities slipping through. You can find the details of all these changes in our release notes.
With our latest version we think Jiglu is now an even better solution for collaborating securely and in an environment where you get to keep total control of your own data. None of your data, metadata or user behaviour gets shared with anyone else, ever.
If you haven't tried Jiglu yet then give it a spin, or drop us a line to (Address removed) if there's anything you'd like to know more about.