Security overview

All of bountiXP’s core and additional apps are hosted in accordance with our rigid security practices, designed by our security specialist teams. 

Summary

bountiXP uses Amazon Web Services because of their expertise in security. We also use best practices and international coding standards:

Infrastructure Security

Our applications and servers are hosted in a private cloud environment, where public access to the servers is not possible except through the Virtual Private Cloud (VPC), rendering it exceptionally secure.

DDoS Mitigation

Our applications and servers are built for scaling and configured for high availability, where they reside in multiple Amazon data centres.

Monitoring and Logging

All our application servers and infrastructure are monitored by Amazon CloudWatch, from auto-scaling thresholds to server, database and application events.

Data Encryption

Our web application traffic is encrypted using SSL/TLS. Our databases are encrypted and hosted in Relational Database Service (RDS). Server access requires password-protected SSH keys and complies with best practices. Infrastructure user and role policies govern the exchange of, and access to, various resources within our applications.

Access Control

Identity and access management, roles and policies are used to control infrastructure, server and application access to our resources.

Application Security

OAuth token authentication with HTTP authentication on the APIs.

Infrastructure Provider

bountiXP’s cloud infrastructure provider is Amazon Web Services (AWS). AWS provides us with a mix of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions. It also affords us flexibility to scale and deploy our application worldwide.

bountiXP was built for the South African market and has plans to include the international market.

The availability zones enable the scalability and redundancy of the bountiXP infrastructure and applications. Edge computing and cloud content distribution allow for quicker delivery of web application assets.

 

For much more: Download our Application Infrastructure & Security PDF


Summary

While there are as many proprietary authentication methods as there are systems that utilise them, they are most often variations of a few major approaches. These approaches were developed to address the limitations in early communications and internet systems, and as such, typically use bad existing architectural approaches with novel implementations to allow authentication to occur.

bountiXP regards data protection as one of its platform’s highest priorities. As a result, we have decided to utilise two of these well-known methods to add security to our APIs, namely HTTP Basic Auth and OAuth.

 

Authentication models

 

HTTP Basic Authentication

In this method, an HTTP user agent enters a username and password to authenticate. This method does not require cookies, sessions or any other speciality solutions. And, because it uses the HTTP header itself, there is no need for complex response systems. We use SSL for security so that the data is transmitted over secure lines.

OAuth

In this method, the user logs into the system. The system then requests authentication, usually in the form of a token. The user will then forward this request to an authentication server, which will either reject or allow this authentication. From this point, the token is provided in each request the user makes to validate the token. This can be used over time with strictly limited scope and age of validity.

This is a very secure and powerful method because it allows for the soft establishment of scope (that is, which systems the key allows the user to authenticate to) and validity (meaning the key doesn’t have to be purposely revoked by the system; it will automatically become deprecated in time).
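The server-side checks implied by the two models above, as an added example that is not bountiXP's code: Basic credentials are only base64-encoded, so they are refused off TLS, and a bearer token is honoured only while unexpired and only for a granted scope. The user, password, token value and the `points:read` scope are constructed for illustration.

```python
import base64
import hmac
import time

# Constructed sample data (hypothetical, not bountiXP values).
USERS = {"api-client": "s3cret-example"}
TOKENS = {"tok-abc123": {"sub": "api-client",
                         "scope": {"points:read"},
                         "exp": 1_700_000_600}}

def basic_header(user, password):
    """Build the header a client would send; base64 is reversible by anyone."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_basic(header, over_tls):
    """Return the authenticated username, or None if the request is refused."""
    if not over_tls:                      # credentials would cross the wire readable
        return None
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:                    # malformed base64 or invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user, "")
    # Constant-time comparison avoids leaking how much of the password matched.
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user if sep and user in USERS and ok else None

def check_bearer(header, required_scope, now=None):
    """Return (allowed, subject_or_reason) for an 'Authorization: Bearer' header."""
    now = time.time() if now is None else now
    scheme, _, token = header.partition(" ")
    record = TOKENS.get(token) if scheme.lower() == "bearer" else None
    if record is None:
        return False, "unknown token"
    if now >= record["exp"]:              # validity lapses without any revocation
        return False, "expired"
    if required_scope not in record["scope"]:
        return False, "scope not granted"
    return True, record["sub"]
```
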

For a copy of the above: Download our Application Authentication PDF


Introduction

It is crucial to recognise the role that data integration plays in enabling synergies between bountiXP and its clients.

This document is focused on high-level application integration and architecture that abstracts business logic to more effectively broker processes and services.

To achieve operational efficiency and data integrity, this document will focus on:

  • Facilitating data integration across multiple platforms.
  • Future-proofing a solution in terms of:
    • Business functionality and evolution based on best practices of a layered enterprise – functional, business processes and data.
    • Continuous evolution of integration to render it more service-oriented and customer-focused with a view to achieve greater flexibility.
  • Linking business processes with system workflows and data entities (such as product attributes/definitions) across multiple client systems.
  • Enabling faster time to implement the solution as well as new services operationally.

Figure 1 represents the various components of which the bountiXP platform is comprised and illustrates the relationships.

 

For much more: Download our Integration Architecture PDF
