Friday, June 11, 2010

When Software Security Really Matters: Developers turn to uniPaaS

Application security is one of the real strengths of the uniPaaS application platform. We don’t often say much about it, because I think most uniPaaS developers simply take the security of the uniPaaS application platform as a given. One recent announcement serves as a clear reminder however, that the uniPaaS application platform is truly a star among application platforms when software security is a top concern. Magic Software recently announced a contract with the Military Police unit of the Israeli Defense Forces. The agreement includes the uniPaaS code-free application platform and iBOLT business integration suite. This decision was made by the IDF as part of an effort by Israeli defense authorities to strengthen information security.

"Once implemented, both systems will provide the military police with real-time status reporting and a full picture of nation-wide operations at any given snapshot, for hundreds of system users," Yoram Aharon, Magic Software Israel chief executive officer, said in a statement that received attention by UPI, FoxBusiness and scores of other news outlets.

With the global network security market predicted to reach about $9.5 billion by 2015, securing a new Web based application against internet hacking is harder than before. The proliferation of new viruses, malware and hacking attacks continues to rise.

Making sure your Web browser and business software is full patched, your Antivirus and Firewall software running and up to date with the latest definition sets doesn’t come cheap or simple.

The power of the internet without the vulnerability of the browser

The uniPaaS application platform is non-browser based. Instead uniPaaS applications sit within their very own dedicated sandbox. So it’s not subject to the security threats that browser-based applications typically suffer from.

In addition, the message and protocol used to communicate between the Server and Client in uniPaaS applications is proprietary and secured. With the Client not directly accessing any back-end databases, enterprises can prevent font-end users from directly accessing sensitive data files, and avoid potential data theft or corruption.

Internet applications serve as a target for malicious threats. These threats are categorized into three main categories: Network threats, Host threats, and Application threats. Magic Software offers a comprehensive White Paper on the security of Rich Internet Applications. For additional information on RIA Security, I recommend this White Paper. It does a good job of identifying threats, countermeasures and whether it is a uniPaaS issue or an IT infrastructure security issue external to uniPaaS.

A number of recommendations should be kept in mind when securing a uniPaaS RIA application:

  • Secured Layer. Secured HTTP is the recommended protocol to use between the client and the Web server. Furthermore, you can utilize uniPaaS SSL support for behind-the-scenes communication. You can configure the Enterprise Server, Broker and Requester to inter-communicate with each other over SSL.

  • Encrypted Data. Utilize uniPaaS built-in support for sensitive data encryption to ensure confidentiality.

  • Direct SQL. If you choose to implement the uniPaaS Direct SQL feature, avoid creating an SQL statement that can be modified by user input in a way that can hinder the integrity of the statement.

  • Error Handling. Use the uniPaaS error handling mechanism and make the application proactive in cases of runtime errors.

  • LDAP Facility. Utilize the uniPaaS ability to interact with authorization facilities, such as LDAP and Microsoft Active Directory®.

  • Rights Mechanism. Use the uniPaaS Rights mechanism to properly grant application privileges to each identified user. In addition, you may wish to consider third-party solutions for multi-tenant rights administration built on the uniPaaS rights mechanism such as UPlogin. Click here to: View An Online Demonstration of UPlogin on YouTube.
  • No comments:

    Post a Comment