A Quick Overview of Application Security Built Into Alpha Anywhere

Blog



A Quick Overview of Application Security Built Into Alpha Anywhere


ssssssssssssssssssssssssssss

We frequently get questions about the security capabilities of Alpha Anywhere. Application security is a critical component of most enterprise apps. Alpha Anywhere offers a security framework out-of-the-box that simplifies the process for adding security to mobile apps. Alpha ships with pre-built login components that can be dropped into any mobile app.

Security (along with offline support, backend data integration, and the quality of the mobile and web experiences that can be built with Alpha Anywhere)  is one of the core strengths of Alpha Anywhere.

Alpha Anywhere's Framework for Security

Here is a recent reply by Jerry Brightbill one of our security specialists at Alpha to a recent question about security.

"Alpha Anywhere has a built in web security system that is managed by the server.  When active, all requests to the server go through the security system, even requests for basic support files such as CSS files, images, and other common files.  This applies to AJAX callbacks and even requests for reports. The logic is deny unless specifically allowed.

We also can add security to specific elements in components such as buttons, or even whole sections of HTML.  If the current user doesn't have sufficient rights to view the element, the server completely removes the element or section from the response, and it is not sent to the client. Some companies want to use Active Directory for authentication and authorization, and that is supported in Alpha Anywhere.  When using Active Directory, the AD handled the authentication and sets the authorization permissions.  The Alpha Anywhere application server manages the actual authorization.We have quite a few system using Alpha Anywhere that must meet strict security regulations such as HIPAA.  These systems have been audited by third party companies which have approved the systems are meeting the requirementsSQL injection is always a concern, but all CRUD operations inside Alpha Anywhere are managed by the internal code and that code has a number of checks to prevent injection. We are constantly evaluating security risks, and always attempt to stay current with the latest issues.  For example, when the heartbleed bug was identified, we supplied the fix in a patch as soon as it was released. This has also happened with Poodle and numerous other threats that external hackers are constantly launching.

Moving from Access to Alpha Anywhere: Transcript of Peter Caspari's Podcast
Tracking Down Why a Request Failed Under IIS

About Author

Richard Rabins
Richard Rabins

Co-founder of Alpha Software, Richard Rabins focuses on strategy, sales, and marketing. Richard also served as CEO of SoftQuad International from 1997 to 2001, when it owned Alpha. In addition to his 30 years with the company, Richard played a key role as co-founder, and served as president and chairman of the Massachusetts Software Council (now the Massachusetts Technology Leadership Council), the largest technology trade organization in Massachusetts. Prior to founding Alpha, Richard was a project leader and consultant with Information Resources, Inc. (IRI), and a management consultant with Management Decision Systems, Inc. Richard holds a master's degree in system dynamics from the Sloan School at MIT, and a bachelor's degree in electrical engineering and master's degree in control engineering from University of the Witwatersrand in Johannesburg, South Africa. He has served on the boards of Silent Systems, Legacy Technology and O3B Networks, and is co-founder of Tubifi www.tubifi.com.

Related Posts
Build Data Driven Apps: A Delivery App Example
Build Data Driven Apps: A Delivery App Example
Survey Shows Mobile App Security Has A Long Way To Go
Survey Shows Mobile App Security Has A Long Way To Go
Alpha Anywhere Customer Receives Comprehensive Security Certification
Alpha Anywhere Customer Receives Comprehensive Security Certification

Comment

Subscribe To Blog

Subscribe to Email Updates