Mykonos Delivers Secure Web Applications With Zero Footprint

Market Wire, June, 2009

Mykonos Software announced today the general availability of a new version of Mykonos and a major update to their innovative platform for building and deploying secure, Rich Internet Applications (RIA). Mykonos v1.2 contains significant new enhancements that help extend enterprise security measures to the AJAX client.

"CIOs and CSOs have been forced to settle building Web applications that need client-side plug-ins to run and lack enterprise security," said David Koretz, President. "Rather than trying to bolt-on security as an afterthought, Mykonos operates at the code layer, addressing the 70% of security issues that exist at the application tier."

Mykonos 1.2 addresses the gap between server-side authorization, access control, and logging solutions, and a full client-side presentation layer that rarely refreshes a Web page.

Key new security features include:

User-based Access Control

Developers can apply access control rules from existing Web Access Management solutions directly to the Mykonos presentation layer. They can apply additive user, group, and role-based permissions to entire applications, individual tabs, and even specific interface components. By applying access rules to the presentation tier, developers can deliver the same application to different groups with different privileges. They can also ensure that users never see options and objects for which they do not have data access.

Seamless Client-side SSO support

Mykonos 1.2 supports single sign-on integration with SAML v2-based identity providers such as OpenSSO. Mykonos ties SSO seamlessly into the client-side application experience: Users aren't re-directed outside of the application to login, and when their sessions time out they can re-login without losing application state.

Client-side Security Logging

Mykonos 1.2 provides an application logging service that goes beyond server-side logging to include client-side activity that occurs between page refreshes. The service logs general client activity, as well as specific security events, including:

--  Invalid signatures on requests and responses

--  Corrupted data in encrypted requests or responses

--  Attempts to access non existing methods or applications

--  Invalid login attempts

--  Unusual packet delays

--  Session timeouts
    

Selective 128-bit encryption

Mykonos provides 128-bit AES encryption as an alternative to SSL. Developers can apply AES encryption to some or all requests and responses without being constrained by cross domain scripting restrictions or data size limits.

Frame busting

Several exploits including clickjacking rely on the ability to load an application inside an iFrame element, often in an attempt to get users to click on concealed links. Mykonos 1.2 applications always own the top level frame, and automatically break out any parent frames that are not authorized. Developers can maintain a whitelist of trusted parent frame URLs in the application's XML configuration.

Mykonos 1.2 also includes significant enhancements that make it easier to build, configure, and deploy services in a multi-tenant environment, as well as several performance optimizations of its core server.

"Mykonos 1.0 was about getting the framework right -- cross browser support, a robust component library, a Visual Builder -- and shutting down the biggest threats, namely man-in-the-middle and XSS attacks," said Al Huizenga, Product Manager. "The newest release of Mykonos delivers the first hardened AJAX security layer."

For More Information

For press and analyst questions, contact Al Huizenga, Mykonos Product Manager.

Current customers can immediately access Mykonos v1.2 on the Mykonos Developer Network at dev.mykonossoftware.com.

For a 30-day trial of Mykonos 1.2, contact the Mykonos Sales Team:

--  Phone: 1.650.329.9000

--  Toll-Free: 1-877-88-WINGS

--  Email:  sales@MykonosSoftware.com 
    

About Mykonos

Mykonos is an enterprise development framework and security service for building secure and scalable Web applications. Mykonos compliments coarse-grained security measures like Web application firewalls by adding fine-grained security that protects the client-side code and data and secures the transport layer. Mykonos integrates with existing authentication, policy management, and logging systems to enable developers to focus on building features, not compliance. Mykonos is a wholly-owned subsidiary of BlueTie, a leading developer of Web-based applications. More information is available at www.MykonosSoftware.com .

Contact: Al Huizenga Mykonos Product Manager 585.586.2000 x 1110 Email Contact