Security Threat Risk Assessment

Scala4 professionals can use their long experience from many modernization and migration projects to automate the analysis of your legacy applications and reduce the risk of a security breach.

To determine the threat of data loss from a modernized application, perform a security threat assessment by making a list of vulnerabilities that could be exploited. Prioritize the vulnerabilities according to their importance to your organization, then rate each as qualitatively high, moderate or low.

For example, if a password policy is not properly set for an application, a hacker can crack the password via SQL injection. Once in, the hacker can pose as the legitimate user and then alter the code in a biometric template if it is not encrypted.

In terms of security, the following layers should be analyzed and, where appropriate, implemented:

  • A secure connection via VPN or SSL to the backend system
  • Spring Security, a very popular security framework for J2EE applications, which can work with LDAP/Active Directory to protect API URLs
  • A strongly typed (compiled) API which prevents code injection attacks
  • An optional Secure Gateway which resides in the DMZ network and mirrors the server from the internal network to the outside world
  • Authentication Control - OAuth authentication
  • Data Control - restricting access to certain fields and data items on the API according to user role
  • Content Control - filtering the data content returned in the API response according to user role
  • Modern text-based CAPTCHAs, which require the simultaneous use of three separate abilities (invariant recognition, segmentation, and parsing) to complete the task correctly with any consistency
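
The Data Control and Content Control layers above, shown as an added example that is not Scala4's or Spring Security's code: a deny-by-default filter that drops records outside the caller's scope and returns only the fields the caller's role may see. The role names, field names and the `ownerId` scoping rule are assumptions made for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added example: role names, field names and the ownerId rule are assumptions.
public class ResponseFilter {
    enum Role { ADMIN, CLERK, CUSTOMER }

    // Data control: allow-list of fields per role; a role missing here sees nothing.
    private static final Map<Role, Set<String>> VISIBLE_FIELDS = Map.of(
        Role.ADMIN,    Set.of("id", "ownerId", "name", "iban", "balance"),
        Role.CLERK,    Set.of("id", "ownerId", "name", "balance"),
        Role.CUSTOMER, Set.of("id", "name", "balance"));

    // Content control: customers only receive records they own.
    static boolean mayRead(Role role, String callerId, Map<String, Object> rec) {
        return role != Role.CUSTOMER || callerId.equals(rec.get("ownerId"));
    }

    // Data control: copy only allow-listed fields, so a field added to the
    // backend record later stays hidden until it is explicitly allowed.
    static Map<String, Object> project(Role role, Map<String, Object> rec) {
        Set<String> allowed = VISIBLE_FIELDS.getOrDefault(role, Set.of());
        Map<String, Object> out = new HashMap<>();
        for (Map.Entry<String, Object> e : rec.entrySet()) {
            if (allowed.contains(e.getKey())) {
                out.put(e.getKey(), e.getValue());
            }
        }
        return out;
    }

    // Apply both controls before the response is serialized.
    static List<Map<String, Object>> filter(Role role, String callerId,
                                            List<Map<String, Object>> records) {
        return records.stream()
            .filter(r -> mayRead(role, callerId, r))
            .map(r -> project(role, r))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a backend result set.
        List<Map<String, Object>> accounts = List.of(
            Map.of("id", 1, "ownerId", "u1", "name", "Alice", "iban", "XX00-SAMPLE-1", "balance", 120),
            Map.of("id", 2, "ownerId", "u2", "name", "Bob", "iban", "XX00-SAMPLE-2", "balance", 75));
        System.out.println(filter(Role.CUSTOMER, "u1", accounts));   // one record, no iban or ownerId
        System.out.println(filter(Role.CLERK, "staff7", accounts));  // both records, no iban
    }
}
```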

Contact Scala4 for a cost-free, no-obligation analysis of your application.