Websecure Basic
Basic Application Security Certification - This model is designed for customers who would like to have an independent agency certify that their application has been audited for application-level security using a specific Application Security audit tool. This engagement typically consists of a small eWorld team engaged for a period of 15 business days, depending on the complexity of the application, after the eWorld team has been provided with a stable application version. A typical lifecycle of such an engagement looks like this:
• Application configuration: Applications need to be tuned or modified in certain ways for the Security test pass. For example, most applications disable an account after too many failed login attempts - this functionality has to be turned off before starting Security Testing using an automated tool.
• Audit Planning: Determine what testing should be done using the tool's automated scanning mode and what should be done using a manual (but tool-based) scan.
• Audit Execution.
• Interpretation of Audit Results: Audit tools produce a large set of results that needs to be analyzed so that false positives are eliminated.
• Reporting: Prepare a report that provides an assessment of the security preparedness of the application.
As a deliverable for this package, eWorld provides a comprehensive report and a presentation to the appropriate CXO-level audience.
Sunday, April 15, 2007
Web Projects Outsource Technologies PHP Mysql India
Websecure Advanced
Comprehensive Application Security Certification: This engagement involves manual scrutiny by a Security Audit Expert in addition to the tool-based approach used in Basic Certification. Security Audit tools have a number of limitations. There are numerous examples of vulnerabilities that went unnoticed in the tool-based audit phase but were caught by the eWorld Security team during manual verification. There are a number of well-known vulnerabilities that the tools are not necessarily aware of and hence cannot catch (e.g. Insecure Id). In addition, these tools do not consistently catch vulnerabilities that they are designed to catch. For example, while they are able to catch routine cross-site scripting vulnerabilities, they may not catch more complex scenarios, such as SMS via mail without HTML encoding.
This engagement typically consists of a small eWorld team engaged for a period of 30 days for Websecure Advanced, depending on the application complexity. In addition to the Basic Certification, this service includes the following:
• Testing complex scenarios for vulnerabilities that commercial Security Testing tools are aware of
• Testing for vulnerabilities that tools do not test
• Auditing the application design and recommending changes for improved security
Both of the above packages include fixed-time, free email-based support after the engagement is complete. This support is for the purpose of clarifying any queries on the contents of the report submitted by eWorld, particularly the suggested mitigation strategies.
Open Source Engineering - Outsource India - E World Technologies
Open Source Engineering
EWorldSource: Meeting the Enterprise IT Need
Enterprise IT today regards open source technology as crucial for developing and fielding applications to support business efficiency: it's all about open standards, enhanced interoperability, cost savings and a shorter time to software deployment.
Companies developing software products now welcome the growing demand from IT organizations to deliver software that runs on an open source stack. Efficiency and cost control are motivating software developers to create software that will last, using the latest open source technologies and ensuring that it is easy to support and maintain. And of course, the mandate is to do all this with a minimum of resources: skilled staff, money, and time.
That's why Eworld has introduced EWorldSource, a set of services designed to simplify the deployment of an open source middleware stack for software applications. These services represent a significant breakthrough in helping companies build business-critical solutions based on open source software.
Concerns about using open source to build or implement software are understandable. It is easy to get bogged down in selecting the best open source technologies with the best fit for legacy environments, security, and licensing options, as well as having the skilled people to implement interoperable applications, using known best practices, testing in a production environment, and planning for support.
EWorldSource solves this with a set of services built around the middleware components of a standard open source stack. These services include the evaluation of various technology options, and extend to the development, testing and deployment of software products that are tailored to meet each company's specific requirements.
EWorldSource services also include the migration and support of existing solutions to the open source stack, and the new offering covers all the layers of a typical enterprise-scale application, including the operating system, database, web server, application server and development environment.
The methodology behind EWorldSource is based on a set of best practices, experience in integrating open source software and a library of proven solution architectures. Eworld has extensive experience in developing open source solutions from the ground up, working with a variety of open source components and stacks. For example, a typical open source stack for an enterprise Java web application might include Linux, PostgreSQL, JBoss, Apache web server and Tomcat. For development purposes, we might use Eclipse with some select plug-ins and open source test frameworks. Moving forward, we continue to evaluate new components in related areas, and we will adopt them based on merit and customer.
Software Product Development
Background
Eworld Solutions Corporation is a global leader in business performance management software. Eworld provides an integrated suite of software products for financial planning, budgeting, performance management, and reporting. Along with the industry's most comprehensive and flexible set of interoperable applications, Eworld offers the leading business intelligence platform optimized to support its business performance management solutions. The Common Technology Group was formed to architect and build the underlying infrastructure platform and components to integrate all Eworld's products for seamless interoperability.
Project Objectives
The Common Technology Group at Eworld has successfully used outsourced engineering services from Eworld to help build infrastructure modules for its centralized base platform. The platform is an integral part of Eworld's product suite, making it easier for customers to install Eworld's products and use them seamlessly together.
Eworld selected Eworld to provide design, development, and testing services to the Common Technology Group.
Eworld Solution
The Common Technology Group and Eworld worked together to establish clear project goals, appropriate engineering processes for distributed product development, communications and review processes, knowledge transfer programs, and engagement rules for superior project execution. Eworld established a development and quality testing team to work with Eworld - including a segregated, secure facility in India. The project delivery was managed by Eworld under Eworld's guidance. There were periodic customer visits to the Eworld center, as well as day to day communications between the teams in the US and Eworld India.
The project included design and architecture, development, and testing. Initially, Eworld helped set priorities and requirements as well as establish the processes for developing and testing the software. Eworld's proven engineering management practices and commitment to knowledge transfer allowed the team to evolve and assume additional responsibilities. The team is fully integrated and members from both Eworld and Eworld participate in setting direction, managing the project, and resolving issues. Eworld's adaptive processes support swift issue resolution and create a positive environment for evolving goals, effective communications, and efficient working models.
Eworld considers Eworld to be a strategic engineering partner in their product development lifecycle and appreciates the ease of working with Eworld.
Technologies Used
Eworld's product engineering experience spans a wide variety of software technologies. Eworld's focus on product engineering for enterprise applications and infrastructure products helped Eworld contribute significantly towards efficient software product design, development and testing of the Eworld platform.
Eworld's technical expertise was leveraged effectively in various areas such as the design and development of:
• Common security services across all Eworld products
• Common installation services to enable uniform and consistent installers for the entire Eworld product suite
• Common metadata services to enable data sharing across all Eworld products including selection and implementation of appropriate data integration technologies - JDBC/ODBC, and XML
• Common event services including the workflow engine
• Common administrative services to provide common administrative solutions like user maintenance, user privileges, toggling between different product suites of different domains and more
To ensure quality, Eworld's services also included testing and product certification across multiple platforms. Eworld brought specific expertise in the following technologies:
• LDAP directory services
• J2EE technologies
• App Servers: WebLogic, WebSphere
• Web Servers
• Open source software: Tomcat and MySQL
• Operating systems: W2K, Sun Solaris, HP-UX, AIX
• Databases: DB2, Oracle, SQL Server, MySQL and JDBC/ODBC drivers, XML tools