Questions tagged [saas]

Software as a service (SaaS) is a licensing model where software is sold as a cloud service.

25 questions
1 vote, 0 answers

Do application security assessments done using SaaS solutions (WhiteHat Sentinel and Fortify on Demand) count as penetration tests?

SaaS security solutions such as "WhiteHat Sentinel" and "Fortify on Demand" are getting popular nowadays. The methodologies of both describe them as involving manual verification. Does this qualify the application security assessment report produced by…
1 vote, 1 answer

Do we need a VPN for SaaS cloud applications?

If we need to connect to the corporate network from home, we need to have the VPN connection. However, for accessing SaaS applications like Google Doc, Salesforce, etc., do we still need the VPN connection? I think the underneath…
Jack
1 vote, 1 answer

How can I make sure that my Python code cannot be accessed by the user of my web app?

I have a Python program whose code I would like to protect. For the sake of example, let's say I coded a novel function called "add" which does the following: def add(n1, n2): return n1 + n2 I'd like to release this functionality to users so that…
Pro Q
1 vote, 0 answers

Responsibility of Malware infection in SaaS contracts

We are a SaaS company and I have been asked to review the 'Security' section of the contract proposed by one of our potential clients. I would like to know whether the following two statements are regular standards followed in SaaS contracts? As far…
Sreeraj
0 votes, 1 answer

Does splitting auth SSO and MFA parts between client and service companies have any issues?

My company provides a single SaaS product for corporate clients. For one client we are implementing SSO with them as authentication provider (via Azure AD/SAML for now, but the library we are using is extensible). The same client has asked us to…
0 votes, 0 answers

Best way to encrypt client-side data for SaaS inside the web

I am planning a SaaS solution, where my clients store and save sensitive data on my servers. Security is a big point as it makes a product more trustworthy, so my thought was that the data which I retrieve from my clients should be encrypted on…
0 votes, 2 answers

Allowing users to add custom HTML/JS code and show it only under another domain

I have a web app where I allow users to create a one-page portfolio using drag and drop. I also allow them to add custom HTML freely (basically any HTML or JS code). I'm aware that I shouldn't allow the custom HTML to be executed while they are in…
medBouzid
0 votes, 1 answer

Is it possible to use Kerberos for SSO in a SaaS application?

If I have a web application in my internal Microsoft Windows network, I'm aware that I can use the Kerberos protocol to make a single sign-on (SSO) into this application with the web browser. Is it a good idea to use Kerberos for SSO in an external…
leo
0 votes, 1 answer

PCI compliance of a SaaS provider

We (merchant) will be using a SaaS to sell learning modules and accept credit card payments through a redirect to a service provider that will process the credit card payments. The SaaS will be hosted by Amazon Web Services. Should the SaaS provider…
0 votes, 3 answers

What are some metrics to be used to evaluate SaaS security?

What are some metrics to be used to evaluate a SaaS app's security? Some examples: static code analysis (Fortify); code coverage (bugs being a potential source of vulnerabilities); others? In case it isn't obvious, the code is available to audit and…
Blaze