Code-Level Security: Technical Specifications

Security is built into the Mykonos Framework. The web application security features include:

Encryption

  • Lightweight 256-bit AES encryption
  • Applied to all traffic or only to selected requests/responses

Session Management

  • Secure browser sessions bound by encrypted private keys
  • Secure application sessions using constantly changing encrypted tokens
  • Digitally signed, tamper-proof requests

Access Control

  • Client-side communication with OpenSSO servers via SAML 2.0
  • ACLs for applications, services, screens, and components

Input Validation

  • Validates and encodes user input on the client and the server

Run-time Filtering

  • Output: Never present malicious code or markup; stop all XSS attacks
  • Services: Only talk to trusted web services
  • Domains: Never run embedded in untrusted domains

Security Logging

  • Invalid message signatures
  • Invalid keys
  • Unusual delays
  • Session timeouts

Obfuscation

  • Scrambles all script, markup, and CSS at build time
  • Re-obfuscates on demand, on security breach, or automatically