
We frequently get questions about the security capabilities of Estel Tech Anywhere. Application security is a critical component of most enterprise apps. Estel Tech Anywhere offers an out-of-the-box security framework that simplifies the process of adding security to mobile apps. Alpha ships with pre-built login components that can be dropped into any mobile app.
Security (along with offline support, backend data integration, and the quality of the mobile and web experiences that can be built with Estel Tech Anywhere) is one of the core strengths of Estel Tech Anywhere.
Estel Tech Anywhere's Framework for Security
Here is a recent reply by Jerry Brightbill, one of our security specialists at Alpha, to a recent question about security.
"Estel Tech Anywhere has a built-in web security system that is managed by the server. When active, all requests to the server go through the security system, even requests for basic support files such as CSS files, images, and other common files. This applies to AJAX callbacks and even requests for reports. The logic is deny unless specifically allowed.
We also can add security to specific elements in components such as buttons, or even whole sections of HTML. If the current user doesn't have sufficient rights to view the element, the server completely removes the element or section from the response, and it is not sent to the client.
Some companies want to use Active Directory for authentication and authorization, and that is supported in Estel Tech Anywhere. When using Active Directory, the AD handles the authentication and sets the authorization permissions. The Estel Tech Anywhere application server manages the actual authorization.
We have quite a few systems using Estel Tech Anywhere that must meet strict security regulations such as HIPAA. These systems have been audited by third party companies which have approved the systems as meeting the requirements.
SQL injection is always a concern, but all CRUD operations inside Estel Tech Anywhere are managed by the internal code and that code has a number of checks to prevent injection. We are constantly evaluating security risks, and always attempt to stay current with the latest issues. For example, when the Heartbleed bug was identified, we supplied the fix in a patch as soon as it was released. This has also happened with POODLE and numerous other threats that external hackers are constantly launching."