| |
 |
Application Security Consulting |
|
| Today bringing your business online is a must in an effective business development strategy. Thus more and more sensitive data is moving to the web which brings new application security and information confidentiality challenges. |
| |
| Complex Approach to Securing Web Applications |
| The most secure web applications are those that are developed initially with security in mind. specialists follow a holistic approach to designing, building and supporting secure web applications. We address security issues on all application tiers (web server, application server and database). |
| While developing secure web applications we analyze vulnerability categories and potential threats (external or internal) depending on application scenario and technologies used. This enables us to develop an effective security architecture and take proper countermeasures. |
| |
| Content and Document Management |
|
|
|
| Securing Practices and Countermeasures |
|
|
| Authentication |
Web content management, enterprise knowledge and document management solutions
|
|
|
| Input Validation |
Buffer overflow, cross-site scripting, SQL isnjection
|
| |
|
| Input Validation |
Privilege elevation, confidential information disclosure, data tampering
|
| |
|
| Configuration Management |
Unauthorized access to application administration, hacking of configuration data
|
| |
| |
|
| Configuration Management |
| Sensitive data discloser, network eavesdropping, data tampering |
| |
| |
| |
|
|
- Partition of public and restricted areas
- Account disablement policies
- Proper credentials verification and storage
- Proper password handling
- Authentication data protection
- Communication channels securing using SSL
|
|
- Thorough input validation
- Proper input filtration
- Centralized validation strategy
- Proper database access
|
|
- Multiple gatekeepers
- Authorization granularity
- Role-based security
- Strong access controls
- Strong access controls
|
|
- Role-based administration with strong authentication
- Secure communication channels for remote administration (SSL, VPN)
- Restricted access to configuration data
- Least privilege approach
|
|
- Role-based access to sensitive data
- Sensitive data on demand approach
- Data encryption
- Proper information storage and secure communication
|
| |
| |
|
|
|
| The above vulnerabilities are just a part of a bigger list. Internet, intranet or extranet applications each has its specific security issues and challenges that need to be analyzed and addressed. |
| Our efficient project management methodology, proven delivery model and customer-oriented approach guarantee every project's success |
| |
| Securing Applications through Development Life Cycle |
| From initial stages of the software development cycle Iflexion specialists thoroughly consider security implications. This allows defining potential risks early and implementing effective countermeasures. |
| |
| Securing Categories and Practices |
|
|
|
| Development Life Cycle Phase |
|
|
|
Threat Modeling
|
|
|
Security Design Practices
|
|
Security Architecture
|
|
Code Development and Review
|
|
Technology Related Threats
|
|
Security Testing
|
|
Deployment Review
|
| |
| |
|
|
|
Architecture Design
|
|
Architecture Design
|
|
Architecture Design
|
|
Implementation
|
|
Implementation
|
|
Testing and Stabilization
|
|
Deployment and Maintenance
|
| |
| |
|
|
Architect(R), Developer(I),Tester(I)
|
|
Architect(R), Developer(I)
|
|
Architect(R)
|
|
Developer(R), Tester(I)
|
|
Developer(R)
|
|
Tester(R), Architect (C), Developer (I)
|
|
System Administrator (R), Architect(C), Developer(I), Tester(I)
|
| |
|
|
|
|
|
| |
| |
| |
| |
