Web session security

A message from SafePaaS CTO

In the first quarter of 2021, our engineering team delivered enhanced ETL configuration options for the API services available on the platform. Customers and partners can now improve time-to-value by quickly connecting any data source to monitor access and process risks across multiple enterprise systems. In the second quarter, we will continue to extend the API services so that AccessPaaS™ and MonitorPaaS™ customers can discover and control risks across all of their data sources.

Our customers are rapidly transforming their businesses into digital platforms built on multiple cloud applications, so that enterprise processes and data are accessible through many channels, anywhere, anytime, from any user device over the internet. SafePaaS platform enhancements are designed to protect customer data and processes against the expanded attack surface this creates.

The old security model of “inside means trusted” and “outside means untrusted” is no longer valid, as the recent FBI cybersecurity bulletin titled “APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks” warns. We are committed to providing flexible, agile and scalable fine-grained application access controls that reduce the risk of attack on enterprise applications.

A Guide to Personalized, Efficient, Effortless Customer Support

Personalized customer support

We are committed to customer success and offer many options for servicing our customers' needs. Our support team members, based in the Americas and India, work a “follow-the-sun” model to provide continuous coverage 24 hours a day.

Once onboarded, all our customers have access to the support portal. All incident reports are handled via our SAFEACTS Support System located at https://support.SafePaaS.com/. This gives you access to all current and historical tickets on your account, both open and completed. We prioritize tickets by severity: issues where a service is completely unavailable are handled before tickets where a service is slow, and those before general questions about the service or requests for advice. You can find complete details here.

You can also contact support via a direct phone line. We provide our customers with a toll-free number in the USA.

All customers have access to the SafePaaS User Guides that can be found under the Help button - Documentation once logged into the application. Our user guides are updated on a quarterly basis. The Spring User Guide is already out!

Release notes can also be found under the Help button - Documentation. Release notes are updated monthly and can be downloaded in a pdf format. Our release notes include details on bug fixes and platform enhancements.

For those customers who sign up to our Continuous Risk Rewards program, you are provided with a direct line of contact for a faster resolution of issues. 

We welcome new and renewing customers in Q1

We welcome a British multinational information technology company that will be using our AccessPaaS™ Suite of products for Oracle ERP Cloud to reduce segregation of duties risk and improve the user provisioning process.

A US manufacturer and service provider of deep-ultraviolet light sources is upgrading from legacy Oracle GRC software to the SafePaaS platform for advanced risk management in Oracle E-Business Suite.

SafePaaS also welcomes an agronomic solutions provider in the US that will be using SafePaaS to test its current controls, roles and responsibilities in Oracle E-Business Suite. SafePaaS is proud to have the largest database of Segregation of Duties violations for Oracle customers.

An American design firm, a US organization that makes medical, dental and veterinary products and provides related services, and a global provider of risk management products and services have all renewed their agreements, continuing to trust SafePaaS ERP controls to protect their business-critical Oracle E-Business Suite systems. (SafePaaS, through a technology partner, provides sensitive access and segregation of duties controls to detect and mitigate risks in key business processes.)

SafePaaS customers "Live" on Oracle Cloud Infrastructure OCI 

SafePaaS has now migrated its suite of cloud applications to Oracle’s Cloud Infrastructure (https://www.oracle.com/cloud/) in the European Union. This environment provides data residency for all customers in that region, and also allows our customers to take full advantage of Oracle’s security, architecture, and access to Oracle’s global network. This is especially beneficial for customers that use Oracle’s OCI infrastructure, or who run Oracle’s E-Business Suite, PeopleSoft and Oracle Fusion ERP Cloud Applications.

Enhanced Web Session security for SafePaaS Users

SafePaaS uses state-of-the-art security measures and continues to follow industry guidelines to protect our customers.

Below are two web-session security controls that some of our users have asked about over the past quarter. Both have been in place since the launch of SafePaaS in 2017.

Geo blocking

Geo-blocking restricts access to a website or other content based on the user's location. A service can determine location in several ways before applying the appropriate restriction: most commonly by looking up the client's IP address in a geolocation database, but also by checking profile information or by measuring network latency (ping) to known points. IP-based geolocation is approximate: VPNs, corporate proxies and mobile carrier gateways can place a legitimate user in the wrong region, so any blocking scheme needs a way to explicitly trust individual users or addresses.

By default, SafePaaS blocks IP addresses that are known sources of spam and malicious content. If one of your users is blocked incorrectly, you can add them to the trust list. In addition, if we notice spam or DDoS attacks coming from a particular IP address or range, we will block it. If an address is blocked by multiple SafePaaS customers, it is blocked globally. Please create a support ticket so we can permit specific IP addresses.
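The layered policy described above (a default reputation blocklist, per-customer block and trust lists, and a global block once several customers block the same address) can be expressed as a small precedence check over CIDR ranges. The following is an added illustration written for this page, not SafePaaS code; the class name, the threshold of two customers, the rule that a customer's trust list overrides blocks only for that customer's own traffic, and the sample addresses (RFC 5737 test ranges) are all assumptions.

```python
"""Added example: evaluate a client IP against layered block and trust lists."""
import ipaddress
from typing import Dict, List

# Constructed sample data for the example, not SafePaaS's actual lists.
REPUTATION_BLOCKLIST = ["203.0.113.0/24", "198.51.100.7/32"]   # "known bad" sources
GLOBAL_BLOCK_THRESHOLD = 2   # assumed: blocked by this many tenants -> blocked for everyone


def _covers(outer, inner) -> bool:
    """True if network `inner` lies entirely inside `outer` (same IP version only)."""
    return inner.version == outer.version and inner.subnet_of(outer)


class IpPolicy:
    """Precedence: tenant trust list > global block > tenant block > reputation block."""

    def __init__(self, reputation_blocklist, global_threshold=GLOBAL_BLOCK_THRESHOLD):
        self.reputation = [ipaddress.ip_network(n) for n in reputation_blocklist]
        self.threshold = global_threshold
        self.tenant_blocks: Dict[str, List] = {}   # tenant -> networks that tenant blocked
        self.tenant_trust: Dict[str, List] = {}    # tenant -> networks that tenant trusts
        self.global_blocks: List = []

    def block(self, tenant: str, cidr: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        self.tenant_blocks.setdefault(tenant, []).append(net)
        # Escalate to a global block once enough distinct tenants cover this network.
        blockers = {t for t, nets in self.tenant_blocks.items()
                    if any(_covers(n, net) for n in nets)}
        if len(blockers) >= self.threshold and net not in self.global_blocks:
            self.global_blocks.append(net)

    def trust(self, tenant: str, cidr: str) -> None:
        # Assumption: a trust entry only affects the trusting tenant's own traffic.
        self.tenant_trust.setdefault(tenant, []).append(
            ipaddress.ip_network(cidr, strict=False))

    def decide(self, tenant: str, client_ip: str) -> str:
        """Return an allow/deny verdict with the rule that produced it."""
        ip = ipaddress.ip_address(client_ip)
        # Membership tests across IP versions simply return False, so v4/v6 can mix.
        if any(ip in n for n in self.tenant_trust.get(tenant, [])):
            return "allow:trusted"
        if any(ip in n for n in self.global_blocks):
            return "deny:global"
        if any(ip in n for n in self.tenant_blocks.get(tenant, [])):
            return "deny:tenant"
        if any(ip in n for n in self.reputation):
            return "deny:reputation"
        return "allow"


if __name__ == "__main__":
    policy = IpPolicy(REPUTATION_BLOCKLIST)
    print(policy.decide("acme", "203.0.113.9"))      # deny:reputation
    policy.trust("acme", "203.0.113.9/32")           # acme's user was blocked incorrectly
    print(policy.decide("acme", "203.0.113.9"))      # allow:trusted
    policy.block("acme", "192.0.2.0/24")
    policy.block("other", "192.0.2.0/24")            # second tenant -> global block
    print(policy.decide("third", "192.0.2.1"))       # deny:global
```

Checking the trust list first is what makes the "add the user to the trust list" remedy work without a support ticket; the escalation step mirrors the global block, but a real implementation would also record who blocked what and when so that a shared range (a large NAT or cloud egress) is not blocked for everyone on the strength of two complaints.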

Session Time-out

Two connection-level timeouts apply before a session is even in play: SafePaaS will time out a connection if the handshake is not completed within 15 seconds, and it will wait 100 seconds for an HTTP response from our server before you see an HTTP 524 timeout error. Separately, the web server itself may enforce its own timeouts. These are distinct from session expiration, which is about how long an authenticated session remains valid.

Insufficient Session Expiration occurs when a web application permits an attacker to reuse old session credentials or session IDs for authorization. It increases a web site's exposure to attacks that steal or reuse users' session identifiers.

A stolen session ID can be used to view another user's account or perform a fraudulent transaction.

Session expiration consists of two timeout types: inactivity and absolute. An absolute timeout is the total time a session may remain valid without re-authentication; an inactivity timeout is the idle time allowed before the session is invalidated. The lack of proper session expiration increases the likelihood that certain attacks succeed. A long expiration time increases an attacker's chance of guessing a valid session ID: the longer the expiration time, the more concurrent open sessions exist at any given moment, and the larger the pool of sessions, the more likely it is that an attacker guesses one at random. A short inactivity timeout does not help if a stolen token is used immediately, but it does narrow the window in which a token can be captured while it is still valid.

SafePaaS invalidates a session after a predefined idle time has passed (a timeout) and gives the user the means to invalidate their own session, i.e. logout. This keeps the lifespan of a session ID as short as possible and is necessary in a shared computing environment where more than one person has unrestricted physical access to a computer. The logout function is visible to the user, explicitly invalidates the user's session on the server, and disallows any reuse of the session token.
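The two preceding paragraphs describe idle and absolute timeouts, explicit logout, and why a stolen ID should stop working as soon as any of these fires. The in-memory session store below is an added example written for this page, not SafePaaS code: the timeout values, the class and function names, and the use of a caller-supplied clock (so the expiry logic can be exercised without waiting) are all assumptions.

```python
"""Added example: a server-side session store with idle and absolute expiry."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60          # assumed: 15 minutes of inactivity ends the session
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # assumed: re-authenticate after 8 hours regardless


@dataclass
class Session:
    user: str
    created_at: float   # when the user authenticated (drives the absolute timeout)
    last_seen: float    # last request on this session (drives the idle timeout)


class SessionStore:
    """Sessions are keyed by an unguessable ID and live only in this table."""

    def __init__(self, idle_timeout: float = IDLE_TIMEOUT,
                 absolute_timeout: float = ABSOLUTE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, now: float) -> str:
        # 256 bits from the OS CSPRNG: even a large pool of live sessions cannot be guessed.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user=user, created_at=now, last_seen=now)
        return sid

    def _expired(self, s: Session, now: float) -> bool:
        return (now - s.last_seen > self.idle_timeout
                or now - s.created_at > self.absolute_timeout)

    def validate(self, sid: str, now: float) -> Optional[str]:
        """Return the owning user of a live session (refreshing its idle clock), else None.
        An expired session is deleted on sight, so a replayed ID cannot revive it."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._expired(s, now):
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        # Explicit invalidation on the server: a copy of the token held elsewhere stops working.
        self._sessions.pop(sid, None)

    def sweep(self, now: float) -> int:
        """Drop every expired session and return how many were removed; keeps the pool small."""
        dead = [sid for sid, s in self._sessions.items() if self._expired(s, now)]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)

    def live_count(self) -> int:
        return len(self._sessions)


def demo() -> dict:
    """Walk through the three ways a session ends, using a fake clock (seconds)."""
    store = SessionStore(idle_timeout=900, absolute_timeout=3600)
    t0 = 1_000_000.0
    out = {}
    sid = store.login("alice", t0)
    out["active"] = store.validate(sid, t0 + 600)              # 10 min later: still alice
    out["idle_expired"] = store.validate(sid, t0 + 600 + 901)  # 15 min silence: None
    sid2 = store.login("alice", t0)
    t, alive = t0, True
    while alive:                      # touch every 10 min; idle never trips, absolute does
        t += 600
        alive = store.validate(sid2, t) is not None
    out["absolute_expired_at"] = t - t0                        # 4200 s (first check past 3600)
    sid3 = store.login("bob", t0)
    store.logout(sid3)
    out["after_logout"] = store.validate(sid3, t0 + 1)         # None: token is gone
    return out


if __name__ == "__main__":
    print(demo())
```

Two design points the paragraph implies but does not spell out: expiry is enforced on the server on every request (a client-side cookie `Expires` attribute is advisory and an attacker holding a stolen ID ignores it), and logout removes the server-side record rather than just clearing the browser's cookie, which is what makes the captured token unusable afterwards.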