Security

Application security, in particular those, which are accessible via the Internet, has many different facets.

Infrastructure Security
One major aspect is infrastructure security. Is data encrypted? Are there firewalls that channel network traffic and only let through desired network protocols? Are the operating systems on which the solution is installed set up for security? Is an application firewall used? Our security solution supports all necessary, open standards in order to integrate itself smoothly into every predefined environment.

Authentication
Providers have flooded the market with products that address the topic of authentication. Here again we profit from our open architecture and are able to integrate into all possible authentication processes. These range from PIN or TAN to SecurID and certificates.

Application Security
The most important topic consistently is the security of the application itself. What protects and controls access to highly sensitive corporate data? It is primarily the application itself. And it is precisely here that a wide range of potential security loopholes present a threat.

On the website of the important Open Web Application Security Project – OWASP – there are descriptions of the 10 most critical security loopholes in modern applications. The type of threat called A4 - Insecure Direct Object Reference – belongs to the most dangerous security loopholes in corporate-critical systems, because it is very difficult to identify for developers and practically impossible to find for the testing team.

From our own experience, we know that practically all solutions are affected by this type of threat. The consequences of this threat can be catastrophic: data can be stolen, manipulated, or deleted. Until now, it was only possible to identify this type of threat through comprehensive (in other words, not through some random sampling) source code reviews of every new release. Now tell the truth – when was the last time that you carried out such a review?

This is not necessary with our solution. Our unique SecurityEngine reliably protects you from this type of threat. By innovatively intervening into every data access request, we ensure that no manipulated data access attempt makes it as far as to your database. Good to know that our solutions are really protected.