All Aestiva products sit on a browser-native engine called Aestiva Array. Aestiva Array includes and utilizes the highest level security systems, to ensure maximum protection of visitor, server and developer data. Aestiva believes that the security measures it has taken make Array one of the more secure development environments on the web today.
Array accomplishes its goals, in part, by utilizing:• Security-by-Default Design (SDD)
• Automated Data Checking (ADC)
• Use of industry-standard HTTPS
• Vertically-Integrated Security Framework (VISF)
Security-by-Default Design (SDD)SDD is a design philosophy which requires products be securely configured at delivery time.
The Array (HTML/OS) engine follows the SDD objective. While the objective may appear obvious to many, SDD is not accepted practice in some popular web development environments. As a result, developers in other web programming environments may be required to be security experts, or contract with security experts, to develop well-secured websites and browser-native products.
When developing products with the HTML/OS programming language, the developer is not required to be a security expert, since ADC security measures are built into the engine. Aestiva recognizes the fact that most web developers are not (and will not become) fully knowledgeable in web security.
Automated Data Checking (ADC)The HTML/OS web engine used by Array performs data integrity checks to ensure that data passed to it from the web is proper and allowed. By default, data cannot be passed into Array unless it is explicitly allowed by the web developer. The data checking extends across all data passed into the engine, including data passed in as variables.
Use of industry-standard HTTPSArray works seamlessly with HTTPS, an industry-standard secure web protocol that delivers secure transport of data over the web.
Secure transport is required in situations where trust cannot be assumed by parties in network proximity to the hosted server.
All Array applications can be run using the HTTPS protocol. Secure logins are available for accessing the development environment over the HTTPS protocol. This allows for secure editing of server-side content, for situations demanding the highest level of transport security.
Vertically-Integrated Security Framework (VISF)Array is a vertically-integrated engine with a vertically-integrated security framework. Data passing utilizes HTTP and HTTPS only. Data is also confined to a server-side sandbox, delivering added server protection.
To safeguard against future security infractions, Aestiva, in addition to implementing its own measures, welcomes Aestiva customers to review and test Aestiva Array's security framework.