SlideShare a Scribd company logo

Techcello hp-arch workshop

Download as PPTX, PDF
K
kanimozhin

Building Multi-tenant Highly Secured Applications on .NET for any Cloud - Demystified

Business
1 of 18
Building Multi-tenant Highly Secured Applications on .NET for any Cloud - Demystified 26-Jun-2013 www.techcello.com (A Division of Asteor Software Inc)
© Techcello www.techcello.com Housekeeping Instructions  All phones are set to mute. If you have any questions, please type them in the Chat window located beside the presentation panel.  We have already received several questions from the registrants, which will be answered by the speakers during the Q & A session.  We will continue to collect more questions during the session as we receive and will try to answer them during today’s session.  In case if you do not receive answers to your question today, you will certainly receive answers via email shortly.  Thanks for your participation and enjoy the session!
© Techcello www.techcello.com Techcello Introduction  Cloud Ready, SaaS/Multi- Tenant Application Development Framework  Provides end-end SaaS Lifecycle Management Solution  Redefines the way enterprise softwares are built and managed  Saves anywhere between 30- 50% of time and cost
© Techcello www.techcello.com Speaker Profiles  14+ years of experience in architecting cloud and SaaS solutions for both ISVs and Enterprises  Chief architect in designing and constructing CelloSaaS framework  Plays consultative role with customers in implementing technical solutions Jothi Rengarajan Senior Technical Architect TechCello James McGovern Chief Architect Hewlett-Packard  One of the top 10 enterprise technologists in the world  Has authored more than 6 books on computing and dozens of published articles  Twenty years experience in developing, managing and deploying large scale technology systems, business processes, and strategies
Security in Multi-Tenancy Protection of information. It deals with the prevention and detection of unauthorized actions and ensuring confidentiality, integrity of data. © Techcello www.techcello.com  Tenant data isolation  RBAC – Prevent unauthorized action  Data security  Web related top threats as per OWASP  Security Audit trail
© Techcello www.techcello.com Tenant Data Isolation  Database Routing Based On Tenant  Application Layer Auto Tenant Filter  Tenant Based View Filter
© Techcello www.techcello.com Role Based Access Control (RBAC) Authentication • Kinds of authentication tokens and source • Username Password • Multi factor authentication • Claims based Authentication • User identification information • Encrypted cookie • Session Identity store • Custom Store • Password encryption/ hashing • Password change policy externalization • Active Directory Integration • Identity Federation
© Techcello www.techcello.com Role Based Access Control (RBAC) Federation servers • Oracle Identity Federation Server • ADFS • Azure Access control service
Role Based Access Control (RBAC) Authorization • Use privileges to define roles • Privilege based control for actions • Privilege based access for data • Role mapped to privileges and user mapped to roles • Code demands necessary privileges • Roles should be defined by business users • Configuration based privilege control © Techcello www.techcello.com
© Techcello www.techcello.com OWASP – TOP 10 Threats 2013  A1 Injection  A2 Broken Authentication and Session Management (was formerly A3)  A3 Cross-Site Scripting (XSS) (was formerly A2)  A4 Insecure Direct Object References  A5 Security Misconfiguration (was formerly A6)  A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)  A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)  A8 Cross-Site Request Forgery (CSRF) (was formerly A5)  A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)  A10 Unvalidated Redirects and Forwards
© Techcello www.techcello.com OWASP – open web application security project Web application top threats • Man in middle attack • Use secure channel - https • SQL Injection • Use parameterized queries • Malicious script injection and Cross Site Scripting • Validate input if it is a safe HTML • URL escape, Html escape and Javascript escape untrusted data • Cross site request • Challenge-Response such as CAPTCHA • Synchronizer Token • Origin header
Encryption • Preferred Symmetric compared to asymmetric due to performance • Use Strong Keys • Change Keys Periodically Key storage • Store in Key Vault and store away from encrypted data • Double encryption • Dual key storage Database encryption • Watch for Performance implications • Encrypt only necessary columns © Techcello www.techcello.com Data Security – Data Storage
© Techcello www.techcello.com Data Security – Sample Encryption Decryption Approach
© Techcello www.techcello.com Data Security – Data Transit Web Server to Application server • Soap Web Service • WS-Security • message security • transport security -https • client authentication - username, certificate, claims federation • Rest • Https • Custom asymmetric encryption • custom authentication End user browser to web server • Https • Custom encryption Application to Database • Transport Security
© Techcello www.techcello.com Security Audit Event Audit • Covers • Who does the action? • What action is performed? • What is the context in which the operation is performed? • What time is the action performed? • Event audit information – subject, target, context, user, datetime • Audit details stored in a separate datastore for better performance • Realtime audit details – audit cache server
© Techcello www.techcello.com Security Audit Transaction and Change Audit • Transaction Audit • Snapshot: Exact copy of the row stored in history tables • More suitable if requests to access past data are more • More data growth • Change Audit • Only the delta of the state change captured as part of change tables • More suitable when changes need to be reported and past data are not required much • Used more for Security tracking purposes • Easier to implement by using methods available out of the box in RDBMS such as CDC for SQL server • Asynchronous Mode : For better performance and if we wish that audit should not roll back the transactions it is advisable to audit in a asynchronous thread.
Cello Stack – At a Glance How does it work? Administrative Tenant Licensing Metering Billing Data Backup Modules Provisioning Security User Role/Privilege Auditing Modules Management Mgmt. Custom Fields Custom LoV Ad-hoc Builders Cloud Ready, Multi-Tenant Application Development Framework Single Sign-on Dynamic Data Scope Business Rules Workflow Dynamic Forms Enterprise Engines Integration Modules Settings Template Events Notification Templates Query Chart Reports Code Productivity Boosters Templates Master Data Mgmt. Forms Generation Application Multi-Tenancy & Tenant Data Isolation Themes & Logo Pre & Post Processors Configurability Modules Cello Cloud Adapters
© Techcello www.techcello.com Contact Details Jothi Rengarajan (jothi.r@techcello.com) James McGovern (james.mcgovern@hp.com) Reference URLs Web : http://www.techcello.com ROI Calculator : http://www.techcello.com/techcello-roi-calculator Demo Videos : http://www.techcello.com/techcello-resources/techcello-product- demo SaaS e-Book: http://www.techcello.com/techcello-resources/techcello-resources- white-papers Thank You

Recommended

Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - Puneet Kukreja
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web AttacksAlert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 

Recommended

Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - Puneet Kukreja
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web AttacksAlert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Cyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to SecurityCyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to SecuritySecurity Innovation
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Security OF The Cloud
Security OF The CloudSecurity OF The Cloud
Security OF The CloudMark Nunnikhoven
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the CloudAlert Logic
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt Devyani Vaidya
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Cloud Security
Cloud Security Cloud Security
Cloud Security Giovanni Mazzeo
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security CenterLalit Rawat
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAAAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS servicesRuncy Oommen
 
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
 
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applicationskanimozhin
 

More Related Content

What's hot

Cyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to SecurityCyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to SecuritySecurity Innovation
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the CloudAlert Logic
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security CenterLalit Rawat
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAAAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS servicesRuncy Oommen
 

What's hot (19)

Cyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to SecurityCyber Ranges: A New Approach to Security
Cyber Ranges: A New Approach to Security
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
 
Security OF The Cloud
Security OF The CloudSecurity OF The Cloud
Security OF The Cloud
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With Azure
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security Center
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
 

Similar to Techcello hp-arch workshop

Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
 
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applicationskanimozhin
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
CSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionCSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionTom Laszewski
 
Techcello webinar ppt slideshare
Techcello webinar ppt slideshareTechcello webinar ppt slideshare
Techcello webinar ppt slidesharekanimozhin
 
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014Amazon Web Services
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containersactualtechmedia
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Interop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Interop ITX: Moving applications: From Legacy to Cloud-to-CloudInterop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Interop ITX: Moving applications: From Legacy to Cloud-to-CloudSusan Wu
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWSKrzysztof Kąkol
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud SecurityRightScale
 
Webinar How to Achieve True Scalability in SaaS Applications
Webinar How to Achieve True Scalability in SaaS ApplicationsWebinar How to Achieve True Scalability in SaaS Applications
Webinar How to Achieve True Scalability in SaaS ApplicationsTechcello
 
Designing for Privacy in AWS cloud
Designing for Privacy in AWS cloudDesigning for Privacy in AWS cloud
Designing for Privacy in AWS cloudKrzysztof Kąkol
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Presentation ciac
Presentation ciacPresentation ciac
Presentation ciacxKinAnx
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...Zeeve
 

Similar to Techcello hp-arch workshop (20)

Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
 
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
CSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionCSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps session
 
Techcello webinar ppt slideshare
Techcello webinar ppt slideshareTechcello webinar ppt slideshare
Techcello webinar ppt slideshare
 
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containers
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Interop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Interop ITX: Moving applications: From Legacy to Cloud-to-CloudInterop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Interop ITX: Moving applications: From Legacy to Cloud-to-Cloud
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Webinar How to Achieve True Scalability in SaaS Applications
Webinar How to Achieve True Scalability in SaaS ApplicationsWebinar How to Achieve True Scalability in SaaS Applications
Webinar How to Achieve True Scalability in SaaS Applications
 
Designing for Privacy in AWS cloud
Designing for Privacy in AWS cloudDesigning for Privacy in AWS cloud
Designing for Privacy in AWS cloud
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Presentation ciac
Presentation ciacPresentation ciac
Presentation ciac
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture
 
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...
Webinar-GBA Episode 7-Managing blockchain infrastructure for enterprise-grade...
 

More from kanimozhin

Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...kanimozhin
 
Techcello at a glance
Techcello at a glanceTechcello at a glance
Techcello at a glancekanimozhin
 
Recipe for successful saas company part 1
Recipe for successful saas company part 1Recipe for successful saas company part 1
Recipe for successful saas company part 1kanimozhin
 
Single vs. multi tenant cost comparison
Single vs. multi tenant cost comparisonSingle vs. multi tenant cost comparison
Single vs. multi tenant cost comparisonkanimozhin
 
Saas challenges and solutions
Saas challenges and solutionsSaas challenges and solutions
Saas challenges and solutionskanimozhin
 
Leveraging azure and cello for delivering highly scalable multi tenant
Leveraging azure and cello for delivering highly scalable multi tenantLeveraging azure and cello for delivering highly scalable multi tenant
Leveraging azure and cello for delivering highly scalable multi tenantkanimozhin
 
How to build, manage and operate a successful saas business
How to build, manage and operate a successful saas businessHow to build, manage and operate a successful saas business
How to build, manage and operate a successful saas businesskanimozhin
 
How to benchmark the maturity of your saas solution
How to benchmark the maturity of your saas solutionHow to benchmark the maturity of your saas solution
How to benchmark the maturity of your saas solutionkanimozhin
 
Engineering & operational services plug in for cloud providers
Engineering & operational services plug in for cloud providersEngineering & operational services plug in for cloud providers
Engineering & operational services plug in for cloud providerskanimozhin
 
Cello Saas getting started
Cello Saas getting startedCello Saas getting started
Cello Saas getting startedkanimozhin
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...kanimozhin
 
Building a scalable and profitable saa s business model
Building a scalable and profitable saa s business modelBuilding a scalable and profitable saa s business model
Building a scalable and profitable saa s business modelkanimozhin
 
10 features to check out in your subscription management solution
10 features to check out in your subscription management solution10 features to check out in your subscription management solution
10 features to check out in your subscription management solutionkanimozhin
 
9 quotable quotes about multi tenancy
9 quotable quotes about multi tenancy9 quotable quotes about multi tenancy
9 quotable quotes about multi tenancykanimozhin
 

More from kanimozhin (15)

Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...
 
Slcm webinar
Slcm webinarSlcm webinar
Slcm webinar
 
Techcello at a glance
Techcello at a glanceTechcello at a glance
Techcello at a glance
 
Recipe for successful saas company part 1
Recipe for successful saas company part 1Recipe for successful saas company part 1
Recipe for successful saas company part 1
 
Single vs. multi tenant cost comparison
Single vs. multi tenant cost comparisonSingle vs. multi tenant cost comparison
Single vs. multi tenant cost comparison
 
Saas challenges and solutions
Saas challenges and solutionsSaas challenges and solutions
Saas challenges and solutions
 
Leveraging azure and cello for delivering highly scalable multi tenant
Leveraging azure and cello for delivering highly scalable multi tenantLeveraging azure and cello for delivering highly scalable multi tenant
Leveraging azure and cello for delivering highly scalable multi tenant
 
How to build, manage and operate a successful saas business
How to build, manage and operate a successful saas businessHow to build, manage and operate a successful saas business
How to build, manage and operate a successful saas business
 
How to benchmark the maturity of your saas solution
How to benchmark the maturity of your saas solutionHow to benchmark the maturity of your saas solution
How to benchmark the maturity of your saas solution
 
Engineering & operational services plug in for cloud providers
Engineering & operational services plug in for cloud providersEngineering & operational services plug in for cloud providers
Engineering & operational services plug in for cloud providers
 
Cello Saas getting started
Cello Saas getting startedCello Saas getting started
Cello Saas getting started
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...
 
Building a scalable and profitable saa s business model
Building a scalable and profitable saa s business modelBuilding a scalable and profitable saa s business model
Building a scalable and profitable saa s business model
 
10 features to check out in your subscription management solution
10 features to check out in your subscription management solution10 features to check out in your subscription management solution
10 features to check out in your subscription management solution
 
9 quotable quotes about multi tenancy
9 quotable quotes about multi tenancy9 quotable quotes about multi tenancy
9 quotable quotes about multi tenancy
 

Recently uploaded

Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiMalviyaNagarCallGirl
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 

Recently uploaded (20)

Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 

Techcello hp-arch workshop

  • 1. Building Multi-tenant Highly Secured Applications on .NET for any Cloud - Demystified 26-Jun-2013 www.techcello.com (A Division of Asteor Software Inc)
  • 2. © Techcello www.techcello.com Housekeeping Instructions  All phones are set to mute. If you have any questions, please type them in the Chat window located beside the presentation panel.  We have already received several questions from the registrants, which will be answered by the speakers during the Q & A session.  We will continue to collect more questions during the session as we receive and will try to answer them during today’s session.  In case if you do not receive answers to your question today, you will certainly receive answers via email shortly.  Thanks for your participation and enjoy the session!
  • 3. © Techcello www.techcello.com Techcello Introduction  Cloud Ready, SaaS/Multi- Tenant Application Development Framework  Provides end-end SaaS Lifecycle Management Solution  Redefines the way enterprise softwares are built and managed  Saves anywhere between 30- 50% of time and cost
  • 4. © Techcello www.techcello.com Speaker Profiles  14+ years of experience in architecting cloud and SaaS solutions for both ISVs and Enterprises  Chief architect in designing and constructing CelloSaaS framework  Plays consultative role with customers in implementing technical solutions Jothi Rengarajan Senior Technical Architect TechCello James McGovern Chief Architect Hewlett-Packard  One of the top 10 enterprise technologists in the world  Has authored more than 6 books on computing and dozens of published articles  Twenty years experience in developing, managing and deploying large scale technology systems, business processes, and strategies
  • 5. Security in Multi-Tenancy Protection of information. It deals with the prevention and detection of unauthorized actions and ensuring confidentiality, integrity of data. © Techcello www.techcello.com  Tenant data isolation  RBAC – Prevent unauthorized action  Data security  Web related top threats as per OWASP  Security Audit trail
  • 6. © Techcello www.techcello.com Tenant Data Isolation  Database Routing Based On Tenant  Application Layer Auto Tenant Filter  Tenant Based View Filter
  • 7. © Techcello www.techcello.com Role Based Access Control (RBAC) Authentication • Kinds of authentication tokens and source • Username Password • Multi factor authentication • Claims based Authentication • User identification information • Encrypted cookie • Session Identity store • Custom Store • Password encryption/ hashing • Password change policy externalization • Active Directory Integration • Identity Federation
  • 8. © Techcello www.techcello.com Role Based Access Control (RBAC) Federation servers • Oracle Identity Federation Server • ADFS • Azure Access control service
  • 9. Role Based Access Control (RBAC) Authorization • Use privileges to define roles • Privilege based control for actions • Privilege based access for data • Role mapped to privileges and user mapped to roles • Code demands necessary privileges • Roles should be defined by business users • Configuration based privilege control © Techcello www.techcello.com
  • 10. © Techcello www.techcello.com OWASP – TOP 10 Threats 2013  A1 Injection  A2 Broken Authentication and Session Management (was formerly A3)  A3 Cross-Site Scripting (XSS) (was formerly A2)  A4 Insecure Direct Object References  A5 Security Misconfiguration (was formerly A6)  A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)  A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)  A8 Cross-Site Request Forgery (CSRF) (was formerly A5)  A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)  A10 Unvalidated Redirects and Forwards
  • 11. © Techcello www.techcello.com OWASP – open web application security project Web application top threats • Man in middle attack • Use secure channel - https • SQL Injection • Use parameterized queries • Malicious script injection and Cross Site Scripting • Validate input if it is a safe HTML • URL escape, Html escape and Javascript escape untrusted data • Cross site request • Challenge-Response such as CAPTCHA • Synchronizer Token • Origin header
  • 12. Encryption • Preferred Symmetric compared to asymmetric due to performance • Use Strong Keys • Change Keys Periodically Key storage • Store in Key Vault and store away from encrypted data • Double encryption • Dual key storage Database encryption • Watch for Performance implications • Encrypt only necessary columns © Techcello www.techcello.com Data Security – Data Storage
  • 13. © Techcello www.techcello.com Data Security – Sample Encryption Decryption Approach
  • 14. © Techcello www.techcello.com Data Security – Data Transit Web Server to Application server • Soap Web Service • WS-Security • message security • transport security -https • client authentication - username, certificate, claims federation • Rest • Https • Custom asymmetric encryption • custom authentication End user browser to web server • Https • Custom encryption Application to Database • Transport Security
  • 15. © Techcello www.techcello.com Security Audit Event Audit • Covers • Who does the action? • What action is performed? • What is the context in which the operation is performed? • What time is the action performed? • Event audit information – subject, target, context, user, datetime • Audit details stored in a separate datastore for better performance • Realtime audit details – audit cache server
  • 16. © Techcello www.techcello.com Security Audit Transaction and Change Audit • Transaction Audit • Snapshot: Exact copy of the row stored in history tables • More suitable if requests to access past data are more • More data growth • Change Audit • Only the delta of the state change captured as part of change tables • More suitable when changes need to be reported and past data are not required much • Used more for Security tracking purposes • Easier to implement by using methods available out of the box in RDBMS such as CDC for SQL server • Asynchronous Mode : For better performance and if we wish that audit should not roll back the transactions it is advisable to audit in a asynchronous thread.
  • 17. Cello Stack – At a Glance How does it work? Administrative Tenant Licensing Metering Billing Data Backup Modules Provisioning Security User Role/Privilege Auditing Modules Management Mgmt. Custom Fields Custom LoV Ad-hoc Builders Cloud Ready, Multi-Tenant Application Development Framework Single Sign-on Dynamic Data Scope Business Rules Workflow Dynamic Forms Enterprise Engines Integration Modules Settings Template Events Notification Templates Query Chart Reports Code Productivity Boosters Templates Master Data Mgmt. Forms Generation Application Multi-Tenancy & Tenant Data Isolation Themes & Logo Pre & Post Processors Configurability Modules Cello Cloud Adapters
  • 18. © Techcello www.techcello.com Contact Details Jothi Rengarajan (jothi.r@techcello.com) James McGovern (james.mcgovern@hp.com) Reference URLs Web : http://www.techcello.com ROI Calculator : http://www.techcello.com/techcello-roi-calculator Demo Videos : http://www.techcello.com/techcello-resources/techcello-product- demo SaaS e-Book: http://www.techcello.com/techcello-resources/techcello-resources- white-papers Thank You