Product Security

In order to ensure the security of your data, the Unanet product development process includes testing the application against best business practices to minimize security vulnerabilities.  In addition to internal testing efforts, Unanet works with 3rd party vendors to conduct Security Assessments on a periodic basis.

These security vulnerability assessments use international information security and national regulatory standards to verify the products resistance to well-known attacks and other attacks from both unauthenticated and authenticated users.  The tests include efforts to bypass security features (e.g. cross-site scripting attacks, data leakage, buffer overflows, SQL injection, etc.), and involve both the front and back end components using a combination of automated and manual testing methods.  Automated tools employed have included utilities such as, AppDetective, Nikto, WebInspect, AppScan and Webscarab.

This type of testing checks for all common vulnerabilities identified in the Web Application Security Consortium (WASC) Threat Classification.  We also refer to the Open Web Application Security Project (OWASP) and the Department of Homeland Security (DHS)-sponsored Build-Security-In website for application security best practices and knowledge as well as the Web hacking incident database (WHID).

Including these efforts have led to the discovery and subsequent mitigation of vulnerabilities to help strengthen our overall security posture.