1 / 18

How Secure is Secure? Learning Security of Software

This presentation explores essential security concerns in software applications, addressing common questions that arise during the sales process. Topics include data sharing, web client security, server security, encryption, access management, and audit logs. Lee Pepper and Casey Bader discuss how to secure web applications using HTTPS, manage user access, and ensure data privacy. Attendees will learn about the importance of backup and restore plans, as well as password security measures like SHA encryption and user management via groups, enhancing overall software security.

ayala
Download Presentation

How Secure is Secure? Learning Security of Software

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How Secure is Secure? Learning Security of Software Presented by Lee Pepper and Casey Bader

  2. Questions about Security • At some point in the sales process the questions about security arise • I’ve led the discussion to this point • Integration • Data sharing • Hosting

  3. Kinds of Security Concerns • Administrative • Is a web client secure?

  4. Kinds of Security Concerns • Administrative • Is a web client secure? • Too technical • Is the Internet secure? • Can someone hack our system? • Can we keep our program-specific data from other departments?

  5. Kinds of Security Concerns • Technical • Do you encrypt your data? • How do you manage access? • Do you have audit logs? • What are your backup and restore plans?

  6. General Security Concerns • Is a web application secure? • Have you ever purchased anything online? • Web applications can be secured by using encryption of the communication layer. • The use of an SSL key over HTTPS (secure connection)protects your data from being intercepted between your computer and the server.

  7. General Security Concerns • Server Security • How do I know my files are secure?

  8. General Security Concerns • Server Security • How do I know my files are secure? • All data access is logged.

  9. Audit Log

  10. General Security Concerns • Server Security • How do I know my files are secure? • All data access is logged. • Who can access the data?

  11. General Security Concerns • Server Security • How do I know my files are secure? • All data access is logged. • Who can access the data? • All data access is controlled at the user level. • Per group, user, data logic • Data does not leave the server unless user is authenticated and authorized to view the data. • Business logic can be applied per field also. (SSN Masking) 123-12-1234 becomes xxx-xx-1234

  12. General Security Concerns • Server Security • What if something bad happens? • Hosted Data • Data can be restored quickly via a backup that is run every 4 hours. (Can be run more often if required) • Local Data • This is dependent on your IT staff and facility managers • We suggest the above to protect your data.

  13. Database Security • Hosted Security • Who has my data? • Green House Data • Secure Facility

  14. Password Security • What about my password? • Passwords are secured by SHA (Secure Hash Algorithm) and this is done using the ASP.NET membership provider; a standard, scalable, user management system. • Administrators never have edit access to any passwords. • New auto reset path

  15. Security Groups • Can a supervisor have different permissions than a caseworker? • Of course. User groups are a simple way to control access to special areas of the system as well as specific actions on objects. • Groups can control Add, Edit, Delete • They also are a part of business logic security. • E.g., if an application is ready for payout you must be a supervisor to update the next status.

  16. What does all this look like in RiteTrack?

  17. Business Logic Security • How does business logic security work?

  18. Business Logic Security • How does business logic security work?

More Related