TAIArdent_logo_Colour_Cropped.png


Protect your enterprise and prevent security vulnerabilities with Ardent Security. This program proactively prevents security vulnerabilities before they occur through system scans and updates. 

 


How Does the Ardent Security Program Work?

In such an environment, where attacks are becoming more frequent and more sophisticated, TAI is introducing the Ardent Security Program. This program proactively tests our software for vulnerabilities on a quarterly basis. If any vulnerabilities are detected, an update will be released here for clients to easily stay informed. Clients interested in the security update can submit a request.

 


4 Simple Steps 

1. TAI conducts quarterly software tests for vulnerabilities

2. Ardent Subscribers  get notified of new available updates

3. Available updates will be added to the 'Current Ardent Updates' section below.

4. To get the updade click 'SUBMIT A REQUEST' beside current upgrade

 


Current Ardent Updates

Posting Date: July 15, 2017

Update Title: TAI .NET Update to address SQL Injection and Cross-Site Scripting

Release Number: 3.4.6402.19373

Distribution Date: July 12, 2017 11:45:56 AM

CLICK TO REQUEST CURRENT UPDATE

Description: This update addresses several security vulnerabilities in the online screens of the .NET version of the TAI Life Reinsurance System.  Notably SQL Injection and Cross-Site Scripting.  This was addressed on all of the screens in the system, making this update rather large as it modified every screen in the system.

This is the first TAI Ardent Security Update, so if you have not applied an update in the last year, this update will also address OS Command Injection, Script/Code Injection, Open Redirection, Cross-site Request Forgery (CSRF), and Frameable Response/Clickjacking.

If you have not used your testing environment in a while, always make sure the region is accessible and working before applying the update.  That way you are not trying to resolve problems that existed before the update was applied. 

Because of the size of this update, TAI will be doing some internal validation of your client specific environment before you can apply this update.  When the update is requested, a follow up email will be sent containing the regression testing outline TAI performed against the base system.  You will then be added to the queue for the update to be applied to your environment at our office and a validation done of any client specific fields.  This may take several weeks depending upon the volume of interest in the update. 

Once testing is complete and the environment is approved, an email will be sent with the credentials to access the update and apply it to your Test/Dev/Model environment.  TAI recommends you follow your internal acceptance testing protocols before promoting the software to your Production environment.  More information can be found in the regression testing document you will receive when you request the update via Ardent. 

Request Ardent Update

 


Ardent FAQ

[fa icon="plus-square"] What if no vulnerabilities are detected?
If no vulnerabilities are detected, no software update will be available, but an entry will be made to show the last time the system was tested.
[fa icon="plus-square"] Is Ardent mandatory for me as a TAI client?

The security updates are not mandatory, but they are proprietary. We do highly recommend the updates for our clients to prevent security vulnerabilities.

[fa icon="plus-square"] How often will updates be posted on the Ardent page?

Our base system will be tested quarterly.  If any vulnerabilities are found, updates will be made and tested.  Once testing is complete, the updates will be added to the page to be made available to our clients.

[fa icon="plus-square"] How can I get these security updates?

Simply request a download by clicking the button below the update and filling out the form with information.

[fa icon="plus-square"] Is there a way for me to stay informed of future updates so I don’t have to check the page?

Yes, you can sign up for our TAI Ardent Security Update Notifications to be sent future communication of updates. You also have the option to do so when you submit a request for an update.  

[fa icon="plus-square"] If there is more than one security update available, will I need to submit a request for all of them?
No, each update will encompass all previous security updates. You will only have to submit a request for the most current update available.
[fa icon="plus-square"] What testing is required for these updates?

If you have not used your testing environment in a while, always make sure the region is accessible and working before applying the update.  That way you are not trying to resolve problems that existed before the update was applied. 

A testing document will be distributed with your request that outlines the regression testing performed by TAI.  It is the recommendation of TAI that you follow your typical software regression testing protocol, which should include any on-line client-specific modifications you have (functionality and screen/fields). The security updates do not always affect cycles, but as noted, if your typical validation of software includes batch cycle testing, it’s recommended that you follow your internal procedures.

[fa icon="plus-square"] Is a tested full software update of my client specific TAI System available?

If you would like this update applied to your client specific environment at TAI, have TAI test your system, and return you a full client specific software update instead of applying generic update, just contact TAI for an SOW to outline what is involved in having us do the testing for you.

[fa icon="plus-square"] Which version of TAI .NET are these updates compatible with?

The TAI Ardent Security Updates can be applied to any release (2.x or 3.x) of the .NET version of the TAI Life Reinsurance System.