Like any other valuable asset, software needs security. As software developers, we understand that an application holding important data can be easily broken into. We therefore provide special services and applications to make sure security is maintained.

There are security risks that affect Web servers, the local area networks that host Web sites, and even innocent users of Web browsers. There are basically three overlapping types of risk:

  • Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
    • Steal confidential documents not intended for their eyes.
    • Execute commands on the server host machine, allowing them to modify the system.
    • Gain information about the Web server's host machine that will allow them to break into the system.
    • Launch denial-of-service attacks, rendering the machine temporarily unusable.
  • Browser-side risks, including:
    • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
    • The misuse of personal information knowingly or unknowingly provided by the end-user.
  • Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server, including:
    • The network on the browser's side of the connection.
    • The network on the server's side of the connection (including intranets).
    • The end-user's Internet service provider (ISP).
    • The server's ISP.
    • Either ISP's regional access provider.

It's important to realize that "secure" browsers and servers are only designed to protect confidential information against network eavesdropping. Without system security on both browser and server sides, confidential documents are vulnerable to interception.

System security and protection against network eavesdropping are the subject of sections 1 to 5 of this document. Client-side security is covered in sections 6 and 7. Section 8 deals with security alerts for specific Web servers.

Examples of certification authorities include VeriSign and Entrust. Different service providers have introduced different PKI flavors in the market: X.509/PKIX, SPKI, and PGP Key Identification. X.509 is probably the most widely used specification.

This digital certification concept forms the basis for evolving secure Internet protocols such as Secure Sockets Layer (SSL), which enables the exchange of sensitive e-commerce information (for example, credit card numbers) across Web sites.

For more information on the security we provide for software users, contact us.
