3. Application security
OutSystems has implemented a range of measures to ensure that applications developed with the platform are protected against the security vulnerabilities detailed by OWASP.
With OutSystems, customers can leverage the power of low-code development to accelerate the creation of secure applications. Robust app security is achieved with significantly reduced effort compared to traditional coding methodologies. For example, each platform update incorporates the latest security features, which become available when applications are transformed from low-code to the standard languages used at runtime, without any change to the applications themselves. Additionally, prebuilt components simplify security-related tasks, such as encrypting sensitive data or integrating with identity management systems, so customers don't have to do this themselves.
OutSystems provides further protection by warning developers at design time about potentially unsafe application patterns. This includes detecting risks such as code injection attacks, cross-site scripting, unvalidated redirects, and violation of data isolation when querying different databases.
- Vulnerability management
- Software updates and patching
- Secure software development lifecycle
- Secure DevOps and continuous integration/deployment (CI/CD)
Vulnerability management
When using OutSystems to build and run your applications, you can rely not only on state-of-the-art security but also on advanced vulnerability management mechanisms such as:
- Proactive updating of operating systems and application servers with updates and patches, including notifying customers about security-related issues.
- Frequent security assessments, such as penetration testing, a bug bounty program, in-house testing, and secure code reviews - all to help us identify and address potential vulnerabilities in the software.
- Automated security testing tools that augment the manual efforts and enhance efficiency.
Software updates and patching
OutSystems frequently installs updates of the operating system and application server and reassesses, in the context of the OutSystems Cloud, the risk of vulnerabilities reported by third parties. AWS automatically schedules security- and durability-related patches for the database, and we duly propagate such notifications to customers. We also proactively update our software, when required, to defend the security and/or availability of the OutSystems Cloud.
Secure software development lifecycle
OutSystems is designed to cater to the needs of high-performance apps that access sensitive data, operate in strict regulatory environments, implement core business processes, or play a critical role in the end-customer’s journey. The following capabilities underscore our commitment to a secure software development lifecycle (SDLC).
Secure DevOps and continuous integration/deployment (CI/CD)
OutSystems adopts a secure DevOps approach, seamlessly integrating development, security, and operations teams to prioritize security throughout the CI/CD pipeline. The platform empowers organizations to build, deploy, and maintain secure applications efficiently and effectively.
The integration of Secure DevOps and CI/CD practices, combined with robust security features and comprehensive auditing capabilities, ensures that organizations can confidently use OutSystems to deliver secure applications to meet all demands while maintaining high development productivity.