Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Add question

You must login to ask question.

Login

Register Now

APPSeCONNECT community provides a new way for integration super heros connect the external world. Join hands together to build a community of people to help each other, solve problems or share knowledge.

5 Uncommon Security Features of APPSeCONNECT

5 Uncommon Security Features of APPSeCONNECT

APPSeCONNECT provides a hell lot of features for its customers. Some of them are very common and can be readily used after registering for an account. In this KB, we will talk about some of the uncommon features on security which lets you correctly secure your account.

1. Enable two factor authentication for your account

One of the major security measure that you want to take to make sure your account is secure even though you have compromised your password is to enable two factor authentication. With this feature, after you login, every time you will get a notification either in SMS or through Call or through Email with a secure pass code. You need this code to successfully login to the portal.

To enable, follow the steps:

  • If this is your first login, you will get notified to change your password, and then to enable “Two factor Authentication”.
  • Otherwise you can enable it from Profile section of your account.
  • To enable from Profile, just click on My Profile from extreme right side menu on the screen.
  • In the Profile Section Select “Change Details” and select Personal Info.
  • You can check the “Two Factor Authentication”. It will verify your phone number and you are done.
  • Save Changes to take this effect.

After Two Factor is Authenticated, the login will prompt for extra pass code to login.

2. Enable password expiry

Password expiry will ask for new password every Two or Three months depending on the setup you have configured in your account. This gives an extra level of security such that if your password is compromised, with regular change in password will secure your account.

To enable, follow the steps:

  • If this is your first login, you will get notified to change your password, and then to enable “Password Expiry”.
  • Otherwise you can enable it from Profile section of your account.
  • To enable from Profile, just click on My Profile from extreme right side menu on the screen.
  • In the Profile Section Select “Change Details” and select Security Settings.
  • You can check the “Enable Password Expiry”. It will show a dropdown to setup an expiry of either One month, two month or three month.
  • Save Changes to take this effect.

Password Expiry

After enabling password expiry, it will ask to change password after every 1 – 3 months depending on the setup.

 

3. Store transaction data in secure vault for Onpremise Agent

Transactions need some metadata to be stored on the fly in environments. These environments capture transaction data, last date records, last ids etc. In case of disaster or if the environment is compromised, you will get an option to retrieve these information such that transactions are correctly configured again.

To enable, follow the steps:

  • If you have installed on premise agent, when you login, you will get an option to secure transaction data.
  • Just check this before login, and you are done.
  • If you have faced disaster or installed in fresh machine, you can use “Download Settings” menu to download the last backed up data.
  • You can download the files and restart the agent to take into effect.

 

4. Use end to end encrypted in data transfer

End to end encryption is a technique to encrypt the data on transit and decrypt only from the installed agent, thereby ensuring the data is secure without enabling anyone in transit to read it. With this feature, your machine generates a secure key and updated to the server on your account in a secure vault. Now when your machine calls for data, the will be encrypted using the local key both in server or in agent before transit.

If you want to regenerate the security key again use “Update your Encryption Policy” option from Profile-> Security Settings.

Password Expiry

5. Deactivate Environment which are not in use

After you are sure that you are not using an environment, it is important to block it to release the license from the account. This will ensure that the machine can never interact with our servers and also remove any sensitive data present on the environment.

To do this, follow the steps:

  • Open https://portal.appseconnect.com and go to Deploy -> Environments.
  • In environment section, select the environment which you don’t need anymore.
  • Select Detach from menu to the environment, which will block the environment from connecting APPSeCONNECT.
  • After you detach, it can never be connected again from the environment using on premise Agent.

If you choose Delete instead of Detach, you can reinstall agent again on the environment again to start connecting to APPSeCONNECT.  Choose Detach only when you never want anyone from connecting from this environment.

 

Conclusion

Security is an important concern for any application. Even though there are a lot of security feature enabled in the platform, some are optional and you need to enable them yourself. I hope these features in APPSeCONNECT will let you make your account in APPSeCONNECT more secure.

Feel free to comment if you have any.

Thanks

About Abhishek SurVerifiedExpert

VP, Products at InSync Abhishek Sur has been a Microsoft MVP since 2011. He is currently working as a Product Head with Insync Tech-Fin Solutions Pvt Ltd. He has profound theoretical insight and years of hands-on experience in different .NET products and languages. Over the years, he has helped developers throughout the world with his experience and knowledge. He owns a Microsoft User Group in Kolkata named Kolkata Geeks and regularly organizes events and seminars in various places to spread .NET awareness. A renowned public speaker, voracious reader, and technology buff, Abhishek's main interest lies in exploring the new realms of .NET technology and coming up with priceless write-ups on the unexplored domains of .NET. He is associated with Microsoft's Insider list on WPF and C# and stays in touch with Product Group teams. He holds a Master's degree in Computer Application along with various other certificates to his credit. Abhishek is a freelance content producer, developer, and site administrator. His website www.abhisheksur.com guides both budding and experienced developers in understanding the details of languages and latest technologies. He has a huge fan following on social networks. You can reach him at books@abhisheksur.com, get online updates from his Facebook account, or follow him on Twitter @abhi2434.

Follow Me

Leave a reply

Share via
Copy link
Powered by Social Snap