Adeptia Connect provides a secure end-to-end encrypted environment for the data that is transferred and exchanged between the companies and its partners. Adeptia has multiple features that make the data secure right from the implementation until the transaction is complete. This further ensures that all the data transacted through Adeptia is secured and does not move out.
...
The severity assigned to each vulnerability was calculated using the NIST 800-30 r1 standard. This standard determines the risk posed by the application based on the likelihood an attacker exploits the vulnerability and the impact that it have has on the business.
Likelihood
...
The impact the vulnerability would have on the organization , if it is exploited successfully , is rated with the following values:
...
Secured On-Premise Installation in DMZ Environment
Application Security
Secured Connectors
Adeptia engaged with 3rd party Application Security vendor to perform security scan on the Adeptia Connect Web Application. The Adeptia Connect application connectors are also independently tested and verified by following companies:
- Cigital Inc.
- Intuit Inc.
- Salesforce Inc.
- Amazon AWS
- SAP
- BigCommerce
- BambooHR
Adeptia Connect is a business application that allows you to access and exchange data with your partners (customers, vendors, or external organizations), and cloud based applications used within the company. It allows you to exchange information in the simplest possible way. It is designed for business users to self-manage their data connectivity while providing control to IT staff.
Adeptia Connect features a simple user interface to manage all external connections and data interfaces for your company, and reduces your effort and cost drastically. It is a single place to manage all your business data exchanges, where you publish your company profile just once and Adeptia Connect takes care of the rest.
Certain Adeptia Connect Connectors use certificates in order to ensure security when transmitting data across a communication protocol. Connectors such as FTPS, SFTP, HTTPS, and many others requires the use of certificates in order to encrypt data and channels and to verify the digital signature of the application sending the data. The Certificate Component can use an existing key obtained from a certificate authority such as VeriSign or a key generated by Adeptia.
Logical separation of Objects
...
• Admin has the ability to grant and revoke access.
Data Security
It is important to note that at no point during the Connection configuration or run-time process does Adeptia Connect store the data. Adeptia Connect is engineered to optimize interoperability of applications and facilitate your integration processes without saving your data in our data center, unless specifically configured to do so.
There is no data stored on Adeptia and the local copy of the data is deleted automatically when the data transfer is completed. Even when a temporary local copy of business data is stored on the hard drive, Adeptia supports encryption-at-rest to ensure that data is encrypted.
...
Adeptia enables you to apply encryption and decryption to the source and target files being transported via Adeptia Server. You can encrypt the source file to be sent and in a similar way, you can decrypt an encrypted file received via Adeptia Server. . To know more in detail about how Adeptia handles Data Encryption, visit our Data Encryption at Rest help page.
Protection Against Attacks
...
Adeptia has implemented the following techniques to prevent attackers to exploit the vulnerabilities in the Adeptia Connect application.
- OWASP Top 10 vulnerabilities
- Web Application Vulnerabilities
- Operator-sided Data Leakage
- Insufficient Data Breach Response
- Insufficient Deletion of personal data
- Non-transparent Policies, terms and Conditions
- Collection of data not required for the primary purpose
- Sharing of data with third party
- Outdated personal data
- Missing or insufficient session expiration
- Insecure Data Transfer
- Distributed Denial of Service (DDoS) Mitigation
Findings
Findings | Description | Verified |
File Upload Restrictions | Adeptia prevent users from uploading files without proper validation. | √ |
Account Lockout Policy | Adeptia enforces an account lockout policy by suspending a user account after a certain number of failed authentication attempts. | √ |
Server-side validation | Adeptia uses server-side validation for any client side input to prevent attackers from accessing the application via proxy. | √ |
Query String Parameter in SSL Request | Adeptia does not allow sensitive data to be passed between the client and server in the URL query string. Parameters are passed via POST operation. | √ |
Password Policy | Adeptia follows a strong password complexity policy. This policy combines rules to prevent easily guessable password from being used while also ensuring that passwords contain sufficient entropy. | √ |
Secure Cookie Attribute | Adeptia sets 'Secure' attribute on all cookies that contain sensitive values such as Session IDs. | √ |
NPI Data Security | Adeptia masks or obfuscates Non-public personal information (NPI) when this data is entered into the application and when it is displayed back to the user. | √ |
Cacheable SSP Pages | Adeptia uses Cache-Control directives to set the cache behavior on all pages. | √ |
Verbose Server Banner | Adeptia does not provide verbose server information from all HTTP responses | √ |
OWASP Top 10 Privacy Risk Test | Adeptia complies with OWASP Top 10 security risks and supports countermeasures to mitigate these risks. | √ |
...