How we secure UWT
Needless to say, web application security is of vital importance. After all, when trusting your data to a web application, you create access to valuable data that needs to be protected the best way possible.
Therefore, we have taken the following measures to secure our web application:
- User ID’s and passwords are either hashed or encrypted when sent over the internet. User passwords are stored in the database using blowfish (hashed) and cannot be decrypted. Other passwords (FTP, JDBC, Email, interfaces, etc.) that require transmission, are stored using a reversible encryption method (tdes or aes).
- The client code is obfuscated when compiled using GWT. This makes the code very difficult to read. Furthermore, the client code is split in such a way, that when the login page is opened, only the code required to log in is downloaded. Not until you have logged in, the rest of the code downloaded.
- Many checks have been added to make tempering with server calls virtually impossible. All interfaces from the browser to the server require a session ID. This session ID is different for every interface making it near to impossible for a hacker to retrieve or update data without first supplying valid credentials. Also all data sent contains hashes and checksums and is never assumed to be sent by an authenticated user making it very difficult to make unauthorized changes.
- UWT was tested by WhiteHats ethical hackers. This Dutch based web-security company performed a code review and penetration test on our web application. They base their assessment of web-based application security on the guidelines of the internationally renowned OWASP foundation. This foundation supports the development and maintenance of secure web applications. Following these guidelines, WhiteHats deemed UWT to be save.You can read the management summary of their security assessment here.
As you can see, thorough action has been taken to make UWT as save as possible. Nevertheless, we advise you to always use HTTPS-connections, as this will further improve your web-based application security.
Questions about our web applications security?
GSoftware is the company behind UWT. We have taken our time to develop our toolkit and have extensively tested UWT before bringing it to market. Would you like to learn more about our web-based application security? Feel free to contact us at any time. We can be reached by email at info@ultimatewebtool.com.