SDLC
SymphonyAI uses the software development life cycle (SDLC) model to build products by adhering to standards and secure coding practices. SymphonyAI product teams are well trained to analyze all requirements in detail and use the principle of “security by design” before developing product features.
SDLC Process Document | SummitAI SDLC Process Document.pdf |
Sonar Report (Code Review) | Sonar is a code review tool that all engineers run before checking in code. All blocker and critical issues must be resolved. We have already started an architecture revamp of the product, which will take care of all remaining issues, including major and minor ones. SampleSonarReport_ B009_Tahoe.pdf |
Cookie Related Information
Web Cookies [Internal application only] | Remark |
Does the application use any web cookies? | Yes |
Cookie name | ASPXAUTH, ASP.NET_SessionId, AuthToken, CustomURLCookie, FormLoginCookie, LOGSTATUS, LoginTypeCookie, SERVERTIME, SESSEXPIRED, SESSIONTIMEOUT, __AntiXsrfToken. Refer to the Cookie Details table below for more details. |
Cookie type | HTTP Cookie |
Cookie provider | ASP.Net |
Functionality of cookie | Used for Session Management and to persist other data between requests |
What are the personal data attributes collected? | No personal data collected in Cookies |
Why is personal data collected using cookies? | No Personal data collected |
Where is the cookie data stored? | Part of Client Browser cache and temp files |
How long is the cookie data stored? | 24 hours |
Is the Secure flag enabled? | Yes |
Is the HttpOnly flag enabled? | Yes |
Do we encrypt cookies? | Yes. (Except for the basic ASP.NET cookies, all cookie information is encrypted by default.) |
Cookie Details
Cookie Name | Purpose | Cookie Category | Expiry |
.ASPXAUTH | ASP .Net Default Cookie | Strictly Necessary Cookies | Persistent |
ASP.NET_SessionId | ASP .Net Default Cookie | Strictly Necessary Cookies | Session |
AuthToken | Generate Unique GUID value for VAPT | Strictly Necessary Cookies | Session |
CustomURLCookie | For opening Tickets from mail | Strictly Necessary Cookies | Persistent |
FormLoginCookie | To detect whether form login is used | Strictly Necessary Cookies | Persistent |
LOGSTATUS | Session Timeout Pop up related | Strictly Necessary Cookies | Persistent |
LoginTypeCookie | To detect the type of login | Strictly Necessary Cookies | Persistent |
SERVERTIME | Session Timeout Pop up related | Strictly Necessary Cookies | Persistent |
SESSEXPIRED | Session Timeout Pop up related | Strictly Necessary Cookies | Persistent |
SESSIONTIMEOUT | Session Timeout Pop up related | Strictly Necessary Cookies | Persistent |
__AntiXsrfToken | ASP .Net Default Cookie for AntiXsrf Token | Strictly Necessary Cookies | Session |
*Note: Except for the four cookies related to session timeouts (SessionTimeout, ServerTime, SessExpired, LogStatus), all cookies can be made HttpOnly by adding the following key under App settings in web.config:
<add key="App:HTTPOnlyCookie" value="true" />
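
The cookie policy described above can be checked against the `Set-Cookie` headers the application actually returns. The following is an added example, not SymphonyAI code: it flags any cookie missing the Secure flag and any cookie missing HttpOnly other than the four session-timeout cookies named in the note. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values against the policy on this page.
# Policy taken from the page: Secure on every cookie; HttpOnly on every cookie
# except the four session-timeout cookies. Names are compared case-insensitively
# because the page writes them both as "SessionTimeout" and "SESSIONTIMEOUT".
HTTPONLY_EXEMPT = {"sessiontimeout", "servertime", "sessexpired", "logstatus"}


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names) for one header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers):
    """Return a sorted list of (cookie name, finding) for headers that break the policy."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            findings.append((name, "missing Secure"))
        if "httponly" not in attrs and name.lower() not in HTTPONLY_EXEMPT:
            findings.append((name, "missing HttpOnly"))
    return sorted(findings)


# Constructed sample values, not captured from a real deployment.
SAMPLE_HEADERS = [
    ".ASPXAUTH=CONSTRUCTED; path=/; secure; HttpOnly",
    "ASP.NET_SessionId=CONSTRUCTED; path=/; HttpOnly; SameSite=Lax",  # no Secure
    "AuthToken=CONSTRUCTED; path=/; secure",                          # no HttpOnly
    "SESSIONTIMEOUT=20; path=/; secure",                              # exempt from HttpOnly
    "LogStatus=1; path=/",                                            # exempt, but no Secure
]

if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE_HEADERS):
        print(f"{cookie}: {finding}")
```
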