https://aspsecuritykit.net/?src=hnzt

ASPSecurityKit

Enterprise-grade security, simplified for developers

Rapidly build highly secure web apps/API platforms, without security experience. Requiring no/low security code, powered by a zero-trust based security pipeline.

Jump straight into developing the business features using source packages that come with full implementation of profile/user management/admin APIs and MVC portals.

ASPSecurityKit powers Forge Trust multi-tenant API platform and portals, managing over $11 billion of custodial assets.

"The work you guys have done for ISCP security has been phenomenal and I consider it to be one of the most important pieces of our financial platform. I highly recommend ASPSecurityKit as the leading IAM solution." -- Todd Yancey CSO, IRA Services Trust Company (San Francisco).

Protect your server application with a comprehensive security pipeline built on zero-trust model

Multiple stages of checks and verifications with events, hooks & settings to alter the existing and inject custom checks at any stage

1. Cross-Site Scripting (XSS): Detect/resist XSS injections and holistically sanitize data across various subsystems (emails, APIs, back-end/front-end).
2. Authentication: Allow multitude of clients (browsers, mobile apps, IoT devices, backend jobs, third-party services) to connect securely using schemes like HMAC, cookies, service key and identities such as site keys, feature keys and sessions.
3. IP Firewall: Restrict access to only secure networks or machines for not just automated API key based calls, but for any identity (including user sessions, to protect high-privileged user accounts).
4. Multi-Factor Auth (MFA): Protect user accounts with MFA (2FA) checks - enforce MFA as a policy on users, opt out specific users, operations or networks from MFA verification.
5. User Account Verification: Limit access to the system until user's contact details (such as email/mobile) are verified. Opt out certain operations (such as user profile) from verification check. Get end-to-end implementation of email verification workflow.
6. Activity-Data Authorization (ADA): Authorize callers for not just actions but also for the data on which actions are being performed, with a convention-based ADA component that automatically determines permissionCodes and discovers sensitive data fields (resources) in requests, and gives you various options to override the default conventions.
7. Suspension: Suspend not just users but operations on all kinds of entities - such as financial accounts, contacts, etc. for reasons such as KYC required, fraud detected, OFAC. Allow certain operations on suspended entities such as read-only access, upload KYC document.

"BHIS would like to commend Forge Trust on their implementation of the authorization header. The dynamic nature of this header helps to secure the application by preventing replay attacks and request tampering." -- from PENTest performed by Black Hills Information Security on ISCP powered by ASPSecurityKit (referring to HMAC scheme).

Cut cost, ship fast

ASPSecurityKit cuts the time it takes to develop secure web applications and APIs by 20%.
Jump straight into developing business features - get implementation of several important common workflows including account management (register, login, two-factor auth, forgot password, account settings, IP firewall management, email verification), user management (add/remove/suspend users, permissions), administration (impersonation, transfer), security event notifications, production-ready error handling and much more, right into your project as source code without writing a single line of code!

"ASPSecurityKit has saved us hundreds of developer hours and thousands of Pounds. I was blown away by the speed at which our developer single-handedly developed a complex multi-tenanted, multi-user order lifecycle management web application for a prestigious client in record time." -- Ross Williams, founder at Rosscom - a web design and development company (London, U.K.)

Choose a source package for your project

Create marketplace systems (connecting buyers/sellers) or hierarchical systems (as in an organization chart) or a mix of these with ease.

Financial System

[Figure: IRA Custodian Security Architecture]

* Above architecture represents an IRA custodian cloud system like ISCP that has multiple institutional tenants in form of asset providers, individual IRA clients and a custodian. Both providers and custodian have multiple kinds of users representing various business roles.
* XSS, MFA, IP Firewall, ADA are the various checks enforced by the ASPSecurityKit's multi-stage security pipeline.
* HMAC, ServiceKey, ServiceHMAC, AuthCookie are the authentication schemes supporting different integration scenarios with client apps/third-party services, referring identities such as user sessions, site-to-site API keys to authenticate.
* ADA is a unique access control mechanism that gives you convention-based, granular control on what operations a caller can execute and on what data it can execute those operations.
Marketplace System

[Figure: Marketplace Security Architecture]

* Above architecture represents an ECommerce marketplace cloud system that has multiple institutional tenants in form of sellers, individual/institutional buyers and the ECommerce company. The institutional clients and ECommerce company have multiple kinds of users representing various business roles.
* XSS, MFA, Suspension, Verification, ADA are the various checks enforced by the ASPSecurityKit's multi-stage security pipeline.
* HMAC, ServiceKey, AuthCookie are the authentication schemes supporting different integration scenarios with client apps/third-party services, referring identities such as user sessions, site-to-site API keys to authenticate.
* ADA is a unique access control mechanism that gives you convention-based, granular control on what operations a caller can execute and on what data it can execute those operations.

Developer Portal

[Figure: Developer Portal Security Architecture]

* Above architecture represents a developer portal supporting different grades of API subscriptions, giving access to only the portion of docs included within the subscribed plan, made possible by the granularity of ASK's ADA feature.
* XSS, MFA, ADA are the various checks enforced by the ASPSecurityKit's multi-stage security pipeline.
* HMAC, AuthCookie are the authentication schemes supporting different integration scenarios with client apps/third-party services, referring identities such as user sessions, site-to-site API keys to authenticate.
* ADA is a unique access control mechanism that gives you convention-based, granular control on what operations a caller can execute and on what data it can execute those operations.
Protect against today's threat landscape; harden against OWASP Top Ten and be prepared against evolving future threats with regular library updates and expert guidance

* Strong Password Hashing: Password hashing using PBK salted hashing protecting against dictionary attacks. Change the default hashing algorithm with ease.
* Password Blocking: Detect and protect user data when account credentials are compromised (credential hijacking).
* Suspend User: Revoke access temporarily or permanently of unruly users.
* Request Integrity: Protect against request tampering and man-in-the-middle attacks.
* Request Expiration: Detect and prevent request replay attacks and define request life-time.
* Integrator Identification: Detect and reject connections from integrating institutional clients based on origin white lists.
* Key Leakage: Protect sensitive API Keys from being used from browser and non-white listed IPs.
* XSS: Components and guidance to implement end-to-end protection against XSS.
* Feature Hiding: Manage access and visibility of menus, actions and pages based on privilege level of users with the permission-based authorization.

ASPSecurityKit is an outcome of a decade of experience in developing security features in projects for clients ranging from multi-billion financial institutions, private healthcare, insurance, to hospitality, manufacturing, classified crypto marketplaces and customer support services.

Some of our clients

* IRA Services (Forge Trust)
* Kirwin & Simpson
* Crowe LLP
* PerformTel
* Support Gluco (Cloudstick Technologies)
* Myriad Inc.
* Ernst & Young
(c) 2021 Khosla Tech Private Limited All Rights Reserved