Security Begins With Code
Most Web applications are created on frameworks that have bells and whistles to rapidly develop web applications, but have no focus on security. Similarly, programmers are rewarded for rapidly developing software features in a timely manner. Often there is no recognition for developing secure applications. Even if the right incentive were in place, the stark reality is that few security courses for coding are taught at the nation's leading computer schools, leaving secure programming skills in short supply. Together these forces shape an environment where insecure coding manifests itself in many of today's Web applications, leaving vulnerabilities that hackers often exploit.
Organizations like OWASP and SANS are leading the way to improve coding practices so that security standards are met. Following the recommendations of these organizations enables developers to build secure Web applications.
Mykonos Software provides an automated solution that complements this effort with the only industry framework that ensures Web applications are developed secure by default and address every vulnerability listed on the OWASP Top 10.
The Symptom or the Cure?
Industry analysts agree that the majority of security threats have shifted to the Web application layer. Yet, still today, the majority of security is based at the network layer. Using network perimeter security in an attempt to block vulnerability exploits of your code avoids the underlying problem of actually fixing the code. Fixing identified vulnerabilities after a source code analysis is time-consuming, requiring first that development resources be used to verify the findings, then to actually correct the code. Securing the code requires knowledge of secure coding concepts and methodologies, and as we've already said, these skills are in short supply.
A powerful cure is to build the Web application on a framework that is secure by default and enables developers to rapidly build secure Web applications.
Improved Development Practices
The Mykonos Framework improves development in three ways:
- Developers build Web applications more securely, including security features like access management, session management, validation, encoding and obfuscation.
- Developers create feature-rich Web applications with drag-and-drop desktop functionality.
- Developers build Web applications faster, because the security is built in during coding. The typical cycle of code development is shortened significantly.
The Mykonos Framework Security Advantages
Mykonos has released the first secure, dynamic AJAX framework focused on ensuring secure code. Created using a decade's worth of experience developing one of the world's largest web applications, the Mykonos Framework has four unique security advantages:
- Secure code development - The only framework that ensures all Web application code is securely developed, addressing every vulnerability listed on the OWASP Top 10.
- Real-time protection - Managed update service for continuous real-time protection ensures all applications built on the Mykonos Framework are updated in real time as new threats arise.
- Real-time visibility - The Management Console provides application visibility for IT security staff into Web application deployment and patch status.
- PCI and HIPAA Compliance - The Mykonos Framework is the fastest and most thorough method to ensure your development team complies with PCI DSS Requirement 6 and the quickest path to complying with HIPAA Title 6.
Code-Level Security: Technical Specifications
The security is built into the Mykonos Framework. The Web application security features include:
Encryption
- Lightweight 256-bit AES encryption
- On all traffic or only select requests/responses
Session Management
- Secure browser sessions bound by encrypted private keys
- Secure application sessions using constantly changing encrypted tokens
- Digitally signed, tamper-proof requests
Access Control
- Client-side communication with OpenSSO servers via SAML 2.0
- ACLs for applications, services, screens, and components
Input Validation
- Validates and encodes user input on the client and the server
Run-time Filtering
- Output: Never present malicious code or markup, stop all XSS attacks
- Services: Only talk to trusted web services
- Domains: Never run embedded in untrusted domains
Security Logging
- Invalid message signatures
- Invalid keys
- Unusual delays
- Session timeouts
Obfuscation
- Scrambles all script, markup, and CSS at build time
- Re-obfuscate on demand, on security breach, or automatically
Who Does the Mykonos Framework Help?
Developers
If you build Web applications that handle credit card information, banking and investment data, and patient health information, Mykonos is the only framework that ensures all Web application code is securely developed, addressing every vulnerability listed on the OWASP Top 10. Building Web applications with Mykonos means secure code.
IT Security
The management console included with the Mykonos Framework provides visibility into the Web application so that all security administrators can understand the deployment of updates and any security patches in real time.
CIOs
The risk of being attacked by hackers is always present, but using the only code-level security framework can help reduce the risk while also helping bridge the gap between building features and keeping the Web application secure.