Security Policy

Introduction

Al-Qadisiyah University is committed to providing a secure digital environment for all users. This policy outlines the security procedures and measures implemented to protect the website and data.

SSL Certificate and Encryption

• Our website uses a valid SSL certificate to encrypt all communications
• All transmitted data is protected with HTTPS encryption
• HSTS policy is implemented to ensure secure connections

Attack Protection

DDoS Protection

• Advanced protection system against denial-of-service attacks
• Continuous monitoring of abnormal traffic

SQL Injection Protection

• Inspection and filtering of all inputs
• Use of parameterized queries

XSS Protection

• Sanitization of user-submitted content
• Content Security Policies (CSP)

Firewall

• Web Application Firewall (WAF)
• Blocklists for suspicious addresses
• Monitoring and logging of intrusion attempts

Security Testing

We conduct regular security tests including:

• Penetration testing
• Vulnerability scanning
• Code review
• System and library updates

Access Management

• Principle of least privilege
• Multi-factor authentication for administrators
• Regular review of access permissions
• Logging of all login activities

Backup

• Daily data backups
• Storage in multiple geographic locations
• Regular testing of data recovery

Incident Response

We have a security incident response plan that includes:

1. Rapid detection and identification
2. Containment and isolation
3. Threat elimination
4. Service restoration
5. Documentation and review

Vulnerability Reporting

We encourage security researchers to responsibly report any vulnerabilities:

• Email: security@qu.edu.iq
• Phone: +964 780 000 0000

Security Updates

We commit to:

• Regular software updates
• Applying security patches upon release
• Annual review of security policies

Last Updated: January 2026