Derivitec

Company:

Derivitec

Application Name:

Derivitec Risk Portal Identity Service

Assessment Technique(s):

Static Binary Analysis

Dynamic Analysis

Assurance Level:

High: critical for the business.

VerAfied since:

12/5/2017

Application Description:

The Derivitec Identity Application is the single sign-on authentication application for the Risk Portal. It implements IdentityServer4 which is an OpenId Certified (http://openid.net/certification/) security library.

 

In its reviewed state, the Derivitec Risk Portal met or exceeded the security score outlined in the CA Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. CA Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.

 

Company:

Derivitec

Application Name:

Derivitec Risk Portal API

Assessment Technique(s):

Static Binary Analysis

Dynamic Analysis

Assurance Level:

High: critical for the business.

VerAfied since:

11/21/2017

Application Description:

The Derivitec Risk Portal has been designed to all users to register, log in and start running risk on their derivatives portfolios in a matter of minutes. In the current version they support the following functionality: Portfolio creation and management; Position import from Excel;Position browsing Trade booking; Risk report generation, for both today’s data and dates in the past, with Excel export; Mark to market data, based on third party end of day and live data feeds, covering all major asset classes, globally. The Derivitec Risk Portal Api provides a programmatic interface to interact with the Risk Portal application. This is secured using the Derivitec Identity application.

 

In its reviewed state, the Derivitec Risk Portal met or exceeded the security score outlined in the CA Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. CA Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.

 

Company:

Derivitec

Application Name:

Derivitec Risk Portal

Assessment Technique(s):

Static Binary Analysis

Dynamic Analysis

Assurance Level:

High: critical for the business.

VerAfied since:

1/7/2015

Application Description:

The Derivitec Risk Portal has been designed to all users to register, log in and start running risk on their derivatives portfolios in a matter of minutes. In the current version they support the following functionality: Portfolio creation and management; Position import from Excel;Position browsing Trade booking; Risk report generation, for both today’s data and dates in the past, with Excel export; Mark to market data, based on third party end of day and live data feeds, covering all major asset classes, globally.

 

In its reviewed state, the Derivitec Risk Portal met or exceeded the security score outlined in the CA Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. CA Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.

 

 

 

contact menu