SDLC

SymphonyAI uses the software development life cycle (SDLC) model to build products by adhering to standards and secure coding practices. SymphonyAI product teams are well trained to analyze all requirements in detail and use the principle of “security by design” before developing product features.


SDLC Process Document: SummitAI SDLC Process Document.pdf

Sonar Report (Code Review): Sonar is a code review tool that all engineers run before checking in code. All blocker and critical issues must be resolved. We have already started the architecture revamp of the product, which will take care of all the issues, including major and minor ones. Attachment: SampleSonarReport_ B009_Tahoe.pdf

Cookie Related Information

| Web Cookies [Internal application only] | Remark |
|---|---|
| Does the application use any web cookies? | Yes |
| Cookie name | ASPXAUTH, ASP.NET_SessionId, AuthToken, CustomURLCookie, FormLoginCookie, LOGSTATUS, LoginTypeCookie, SERVERTIME, SESSEXPIRED, SESSIONTIMEOUT, __AntiXsrfToken. Refer to the Cookie Details table below for more details. |
| Cookie type | HTTP Cookie |
| Cookie provider | ASP.NET |
| Functionality of cookie | Used for session management and to persist other data between requests |
| What are the personal data attributes collected? | No personal data is collected in cookies |
| Why is personal data collected using cookies? | No personal data is collected |
| Where is the cookie data stored? | Part of the client browser cache and temp files |
| How long is the cookie data stored? | 24 hours |
| Is the Secure flag enabled? | Yes |
| Is the HttpOnly flag enabled? | Yes |
| Do we encrypt cookies? | Yes. (Except for the basic ASP.NET cookies, all cookie information is encrypted by default.) |

Cookie Details

| Cookie Name | Purpose | Cookie Category | Expiry |
|---|---|---|---|
| .ASPXAUTH | ASP.NET default cookie | Strictly Necessary Cookies | Persistent |
| ASP.NET_SessionId | ASP.NET default cookie | Strictly Necessary Cookies | Session |
| AuthToken | Generates a unique GUID value for VAPT | Strictly Necessary Cookies | Session |
| CustomURLCookie | For opening tickets from mail | Strictly Necessary Cookies | Persistent |
| FormLoginCookie | To detect whether form login is used | Strictly Necessary Cookies | Persistent |
| LOGSTATUS | Session timeout pop-up related | Strictly Necessary Cookies | Persistent |
| LoginTypeCookie | To detect the type of login | Strictly Necessary Cookies | Persistent |
| SERVERTIME | Session timeout pop-up related | Strictly Necessary Cookies | Persistent |
| SESSEXPIRED | Session timeout pop-up related | Strictly Necessary Cookies | Persistent |
| SESSIONTIMEOUT | Session timeout pop-up related | Strictly Necessary Cookies | Persistent |
| __AntiXsrfToken | ASP.NET default cookie for the AntiXsrf token | Strictly Necessary Cookies | Session |

*Note: Except for the four cookies related to session timeouts (SessionTimeout, ServerTime, SessExpired, LogStatus), all other cookies can be made HttpOnly by updating the tag below in web.config. Add the following key under App Settings:

<add key="App:HTTPOnlyCookie" value="true" />
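
To confirm that a deployment matches the tables and the note above, the Set-Cookie values returned by the application can be checked against them. The script below is an added example, not SymphonyAI code: the sample header values are constructed, and treating the stated 24-hour storage period as a ceiling on Max-Age is an assumption.

```python
# Added example: audit Set-Cookie values against the cookie tables on this page.
# Names are lower-cased; expiry types come from the Cookie Details table.
SESSION = {"asp.net_sessionid", "authtoken", "__antixsrftoken"}
PERSISTENT = {".aspxauth", "customurlcookie", "formlogincookie", "logstatus",
              "logintypecookie", "servertime", "sessexpired", "sessiontimeout"}
# The four session-timeout cookies the note excludes from HttpOnly.
HTTPONLY_EXEMPT = {"sessiontimeout", "servertime", "sessexpired", "logstatus"}
MAX_AGE_LIMIT = 24 * 3600  # assumption: the stated 24 hours is a Max-Age ceiling
SAMPLE = [  # constructed values, not captured from the product
    "ASP.NET_SessionId=abc123; path=/; secure; HttpOnly",
    "AuthToken=6f1c; path=/; secure",
    "SERVERTIME=1700000000; expires=Tue, 14 Nov 2023 22:13:20 GMT; path=/; secure",
    ".ASPXAUTH=0A1B; Max-Age=604800; path=/; secure; HttpOnly",
    "__AntiXsrfToken=9d2e; Max-Age=3600; path=/; HttpOnly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return first.split("=", 1)[0].strip(), attrs


def audit(headers):
    """Return (cookie, finding) tuples for each deviation from the tables."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        key = name.lower()
        lifetime = "expires" in attrs or "max-age" in attrs
        max_age = attrs.get("max-age", "")
        checks = [
            (key not in SESSION | PERSISTENT, "not in documented inventory"),
            ("secure" not in attrs, "missing Secure"),
            ("httponly" not in attrs and key not in HTTPONLY_EXEMPT, "missing HttpOnly"),
            (key in SESSION and lifetime, "documented as Session but has a lifetime"),
            (key in PERSISTENT and not lifetime, "documented as Persistent but has no lifetime"),
            (max_age.isdecimal() and int(max_age) > MAX_AGE_LIMIT, "Max-Age exceeds 24 hours"),
        ]
        findings += [(name, msg) for failed, msg in checks if failed]
    return findings

if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE):
        print(f"{cookie}: {finding}")
```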