{"id":7733,"date":"2019-01-30T13:07:05","date_gmt":"2019-01-30T13:07:05","guid":{"rendered":"https:\/\/support.loginextsolutions.com\/?p=7733"},"modified":"2026-01-28T09:42:56","modified_gmt":"2026-01-28T09:42:56","slug":"monitoring-production","status":"publish","type":"post","link":"https:\/\/support.loginextsolutions.com\/index.php\/2019\/01\/30\/monitoring-production\/","title":{"rendered":"Monitoring and Security of the Production Environment"},"content":{"rendered":"\n\n\n\t
\n\n\t\t<\/i><\/span> Download PDF<\/a>\n\n\t<\/div>\n\n\n\n\n\n

LogiNext has rolled out a systematic approach for monitoring its n-tier application stack which adds to a healthier environment, stable infrastructure, better user experience, disruption-less services and no performance bottlenecks. <\/p>\n

Following approach for Monitoring is followed at LogiNext:<\/p>\n

Infrastructure Monitoring<\/b><\/p>\n

The infrastructure that hosts an application environment is made up of multiple components: servers, storage devices, load balancer etc. Along with our Cloud Service providers, LogiNext ensures that the basic requirement in checking the health of these devices is met by setting up right thresholds on the metrics for alerting. LogiNext uses Zabbix and AWS CloudWatch for infrastructure monitoring. <\/p>\n

Platform Monitoring <\/b><\/p>\n

LogiNext application is typically uses third-party tools such as RDBMS (MySQL) and NoSQL (MongoDB) data repositories; full-text search engines (ElasticSearch) ; BigData platforms (Hadoop, Spark); messaging systems (Redis, ElastiCache); memory object caching systems (Redis), application logging and monitoring (ELK). Most of these tools provide some interface, mainly via REST APIs and libraries that are leveraged to implement plugins on the main monitoring platform.<\/p>\n

Application Monitoring <\/b><\/p>\n

Application level checks are implemented during all the phases of SDLC: <\/p>\n

Development – Unit Testing (J Unit) and Strict Code Reviews (Sonar Lint)<\/p>\n

Testing – Jmeter, Selenium for Web applications and Appium for Mobile applications, Newman and Postman for API Testing, Redmine for Defect management and Tracking. <\/p>\n

Deployment – Docker, Jenkins and Proprietary Scripts. <\/p>\n

Application logging and monitoring – ELK – Elasticsearch, Logstash, Kibana<\/p>\n

The implementation of application level monitoring is simplified with the help of 100+ LogiNext API endpoints and web hooks. DevOps and testing teams participate in the design reviews to improves operability of a system. <\/p>\n

<\/p>\n

Following best practices are followed at LogiNext to ensure Security and Monitoring of the Application and Client Data:<\/b><\/p>\n

1. Access Control Requirements:<\/b><\/p>\n

\u2022 Requiring a user identification and password to restrict system and data access.<\/p>\n

\u2022 Developing applications that will not be overridden by SQL commands.<\/p>\n

\u2022 Programming with valid accounts (ex: do not use anonymous or default accounts).<\/p>\n

\u2022 Encrypt local passwords and follow the company password management policy.<\/p>\n

\u2022 Integrate with Active directory using LDAP protocol.<\/p>\n

2. System and Data Integrity Concerns:<\/b><\/p>\n

\u2022 Perform software upgrades and security patches as per approvals.<\/p>\n

\u2022 Restricted use of configuration files.<\/p>\n

\u2022 Allow only acceptable error codes with proper handle.<\/p>\n

\u2022 Data encryption for sensitive or critical data.<\/p>\n

\u2022 Cookies holding sensitive information must be encrypted.<\/p>\n

3. Privacy\/Confidentiality<\/b><\/p>\n

\u2022 Do not store sensitive information on web pages.<\/p>\n

\u2022 Do not using persistent cookies (lifetime \u2013 undefined).<\/p>\n

\u2022 Do not store personal information into cookies.<\/p>\n

4. Application security<\/b><\/p>\n

\u2022 The developers must ensure that OWASP top 10 application security is addressed<\/p>\n

\u2022 Injection<\/p>\n

\u2022 Broken Authentication and Session Management<\/p>\n

\u2022 Cross-Site Scripting (XSS)<\/p>\n

\u2022 Broken Access Control (As it was in 2004)<\/p>\n

\u2022 Web and Application Security Misconfiguration<\/p>\n

\u2022 Sensitive Data Exposure<\/p>\n

\u2022 Insufficient Attack Protection (NEW)<\/p>\n

\u2022 Cross-Site Request Forgery (CSRF)<\/p>\n

\u2022 Using Components with Known Vulnerabilities<\/p>\n

\u2022 Under protected APIs (NEW)<\/p>\n

\u2022 Hidden Field Manipulation<\/p>\n

5. Source code<\/b><\/p>\n

\u2022 Protect the source code with user identification and password<\/p>\n

\u2022 Source Code definition must mention \u201cmeaningful information, eye readable, and<\/p>\n

unencrypted<\/p>\n

\u2022 The codes written must be free from Viruses, Trojans, Bugs and other factors that<\/p>\n

may jeopardise its working, use of licensed software, testing and acceptance criteria,<\/p>\n

jurisdiction of Legal aspects.<\/p>\n

\u2022 All codes should be submitted to TFS.<\/p>\n

6. Documentation<\/b><\/p>\n

\u2022 Techno functional Change Description.<\/p>\n

\u2022 Deployment document.<\/p>\n

\u2022 UAT Cases.<\/p>\n

7. Development Tools<\/b><\/p>\n

\u2022 Developer can use only below development tool to develop any application. In case of any new tool requirement development team must take approval from \u2018Information Security Team\u2019.<\/p>\n

\u2022 Following are the approved development tools: – Telerik, Obout, Twin Control, Visual Studio, Ajax Control, Fusion, Crystal Report, SQL Reporting, SQL Server, ORM, .NET Framework Version, PL-SQL Developer, SQL Developer, Data Loader, Oracle J Developer, Oracle Forms, Oracle Report, JVM \/JDK.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Download PDF LogiNext has rolled out a systematic approach for monitoring its n-tier application stack which adds to a healthier environment, stable infrastructure, better user experience, disruption-less services and no performance bottlenecks.  Following approach for Monitoring is followed at LogiNext: … Continued<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[],"tags":[1268,3020,3019,3018,3017,3016,3015,3014,3013,3011,1273,1272,1271,1270,1269,359,1267,1266,1265,1264,1263,1262,1078,1040,1039,1037,1035,1019,1018],"_links":{"self":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7733"}],"collection":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=7733"}],"version-history":[{"count":11,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7733\/revisions"}],"predecessor-version":[{"id":28093,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7733\/revisions\/28093"}],"wp:attachment":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/media?parent=7733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=7733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=7733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}