Dev Security

Aestiva builds security directly into its Array, Gami, and Power Office engines.

We even strive to make our engines secure from developer mistakes. Here are some of the security measures we can discuss.

Use of Sandboxes

Aestiva believes in using multiple layers of security sandboxes. For example, from the outside looking in, the outside world first encounters HTTPS and SSH services. No others are allowed. Aestiva does not allow unsecure ports. And SSH ports are IP Address limited.

Under that is the Paperwork Automation engine (Gami or Power Office). Each is a sandbox. Options are designed to restrict penetration to the Array engine underneath them.

Aestiva Array is its own sandbox too. The Array sandbox cannot be penetrated by the HTML/OS language since the language does not have the ability to read/write outside its sandbox.

Under that is the operating system security layer which acts as yet another sandbox.

Security-by-Default Design (SDD)

SDD is a design philosophy which says products should be securely configured at delivery time.

The Array (HTML/OS) engine follows the SDD objective. While the objective may appear obvious to many, SDD is not accepted practice in some popular web development environments.

As a result, coders in other web programming environments may inadvertently create security holes. To guard against problems, security experts are needed to develop well-secured solutions.

When developing products with the HTML/OS coding language, the coder is not required to be a security expert. SDD security measures are built into the engine. Aestiva believes it is risky to assume coders are also security experts.

Automated Data Checking (ADC)

The Array (HTML/OS) web engine performs data integrity checks to ensure that data passed to it from the web is proper and allowed. By default, data cannot be passed into Array unless it is explicitly allowed by the web developer. The data checking extends across all data passed into the engine, including data passed in as variables.

The engine also denies spoofing by eliminating cross-site scripting vulnerabilities. And, in the Gami platform (which supports independent developers), for additional protection, coders are denied using Javascript and client side code except for that built into the platform. Also, the engine denies all direct reads/writes to the underlying file system. And all network traffic is checked by internal Gami filters to ensure it is clean.




 About Aestiva

Aestiva automates paperwork. We have helped over 1,000 businesses since 1996. Our modular engineering tools deliver the power of FIVE.

The Power of Five

5
5X Power • 1/5 Cost • 5X Faster Delivery


Now with compliance, audit, user-access control, and advanced features you would expect from an enterprise product but without the extra cost, delivery, and complexity. We're on a mission to create a world where organizations run smarter, happier, and better.

Connect with us today.
Call 1-888-AESTIVA (237-8482).