Security Threat Risk Assessment
Scala4 professionals can use their long experience from many modernization and migration projects to automate the analysis of your legacy applications and reduce the risk of a security breach.
To determine the threat of data loss from a modernized application, perform a security threat assessment by making a list of vulnerabilities that could be exploited. Prioritize the vulnerabilities according to their importance to your organization, then rate each as qualitatively high, moderate or low.
For example, if a password policy is not properly set for an application, a hacker can crack the password via SQL injection. Once the hacker gets in, he can pretend to be the legitimate user, then alter the codes in a biometric template if it is not encrypted.
In terms of security, we should analyze and, where appropriate, implement controls at the following layers:
- A secure connection via VPN or SSL to the backend system
- Spring Security, a very popular security framework for J2EE applications, which can work with LDAP/Active Directory to protect API URLs
- A strongly typed (compiled) API which prevents code injection attacks
- An optional Secure Gateway which resides in the DMZ network and mirrors the server from the internal network to the outside world
- Authentication Control - OAuth authentication
- Data Control - restricting access to certain fields and data items on the API according to user role
- Content Control - filtering the data content returned in the API response according to user role
- Modern text-based CAPTCHAs, which require the simultaneous use of three separate abilities (invariant recognition, segmentation, and parsing) to correctly complete the task with any consistency
Contact Scala4 for a cost-free, no-obligation analysis of your application.