Our Services

Internet NHS website

Secuity Fixes, Code Improvements and Redesign

Project Description

Fairmort initially provided a due diligence service to help our client negotiate the purchase of the business. We then provide a specification of critical security fixes and suggested improvements to add functionality and to provide improved administration tools. This project is running for 4 months and is the largest undertaken by Fairmort to date.

Technologies Used

Written in ASP.NET & VB, using nHibernate to generate SQL.

Phase 1

The initial phase of the project was to remove all the obvious security flaws, including SQL injection, script injection and page security holes. Security is a major issue with any website that deals with confidential information, but was especially important in this instance as the website contained many holes that could be exploited, resulting in the loss of public data and the ensuing business consequences and embarrassment. All the fixed applied by Fairmort were independently tested, and approved, by a Security Consultancy and Auditing company.

Phase 2

The second phase of the project required the changing of the architecture to fit into the recommended n-tier structure, giving all the additional security benefits. We advised our client how best to structure their own environments to take advantage of the new architecture. We also provided additional functionality to remove many of the manual support tasks and negate the need for direct database access. We provided an administration application, separate to the main website, which allowed IT administrators to automate many processes, including new client set up, transaction archiving, release control and generic reporting tools. The final part of the project was to re-brand the site to the new corporate colours and amend any pages affected by the new layout.