|
Web Applications
The expansion of the internet as a platform for e-business and as a worldwide information system significantly simplifies the exchange of information. In the corporate network of many clients, the internet has already a well-entrenched position, for example as an access portal to available applications and as a general information system.
IT SECURITY AND WEB APPLICATIONS
The data used in a web application are generally retrieved from or stored in several different systems. Those systems include data banks, directory services, messaging services, mail servers and legacy systems. The link-up of these components and the guaranteed provision of important requirements such as multi-user capability, availability, scalability and configurability can only be accomplished through the consistent use of standardized and proven technologies.
TESIS SYSware is able to provide optimal advice to its clients in all phases of the software development process, thanks to its many years of experience in the area of web applications and to the high level of expertise and education of its employees. Our area of competence encompasses all phases of the software lifecycle, from the analysis to the design and implementation and finally the integration and maintenance. Over the last few years, the object-oriented programming language Java has proved to be particularly suited to the development of web applications. TESIS SYSware is using Java for all levels of a modern tier architecture. On the client level, we realize Java Applets and HTML pages created by means of Java Servlets and Java Server Pages. The business logic implementation is done through the use of Enterprise JavaBeans. And for the link-up to decentralized systems, TESIS SYSware is employing standardized interfaces such as JNDI, JDBC, JavaMail and JMS.
IT Security
With computer networking and the internet, business processes are accelerated and simplified, too. However, this opening also poses a major challenge to the network security. It is supposed to provide confidentiality, authenticity, definitiveness and availability of the data without burdening the user with an additional workload. TESIS SYSware offers you security services for heterogeneous computer environments and is your competent advisor in all security-related matters.
For example with the TESIS/SSO system for password synchronization. With TESIS/SSO, each user only needs to authenticate him- or herself once to a central server. This is done either in a conventional manner via user ID and password or, in the future, by means of a chipcard with PIN. In addition, the SSO server manages the access rights of the user. Thus, TESIS/SSO is able to offer a user who has just logged in all the systems and applications to which he or she possesses an access authorization. With the simple touch of a button, the TESIS/SSO client application registers the user transparently at the desired target system (SSO target). Furthermore, TESIS/SSO supports both password-based systems and - to an increasing extent - certificate-based log-in procedures. The transparent registration procedure allows even weak password-based systems to be protected securely with the help of single-use passwords.
If a user has forgotten his or her password in a password-based environment, he or she can simply and safely reset it with the assistance of two colleagues from the same group or department when the TESIS/ASPR product is used. The principal advantages of this procedure are the elimination of the need to contact a costly hotline and, above all, the truly secure identification of the user by the two colleagues.
Additional security modules complement the TESIS security services: the TESIS/Web Authentication Module which allows the verification of a web user with the help of the OS/390 password or SSO certificate. TESIS/Web Authentication Modules are available for all common web servers: Oracle Application Server, BEA Weblogic server, iPlanet Webserver and MSUS. The TESIS/Online Certificator and Signatory (OCS server) with its client libraries even makes it possible for client-specific applications to use a central authentication by generating a certificate from the registration information (credentials) that can be used by all application components without the latter actually being in possession of the registration data.
In addition to the above, we advise our clients on the design of secure customer-specific applications by contributing our knowledge of encryption procedures, system security and attack scenarios on modern IT architectures. Furthermore, we can add significant value to the practical implementation of these projects thanks to our extensive security libraries for encrypted data transmission and authentication.
|
TESIS
Home
