OutSystems - Security Check


OutSystems should provide a tool to OutSystems developers to ensure that all screens or Services are not accessible from the Outside world (or make developers aware when they are).

We use internal tools made in OutSystems to execute requests to each Webpage and Service to get respective responses and accesses.

Created on 14 Nov 2018
Comments (6)

Whether or not something is "accessible from the Outside world" depends on your firewall configuration, right?

Unless you are talking about the "Internal Network" setting?


Hi Justin,

Of course, the firewall is part of the process. But normally, it is not an OutSystems developer's role.

For the OutSystems part, privileges and basic authentication are important to prevent exposing data. Warning the developer, like the SSL warning for the REST Services, is something useful as a security measure that OutSystems supports in that case.

Changed the category to Other

Miguel -

I still don't understand what you are talking about, unless you are talking about the "Internal Network" setting.

Is that what you are talking about?


Hi Justin,

When you work with a big OutSystems factory and you have the responsibility to ensure applications security, you need to be aware of screens and services without role or authentication validations, especially when it comes to online applications.

Being able to extract a report about those screens and services allows me to confirm architecture and business decisions and make sure that those endpoints were implemented by the team without mistakes.

The goal here is not to handle infrastructure settings but instead to detect security flaws that arise from implementation mistakes. Internal Network is also a security point but does not cover the mentioned scenario.

Hope I could clarify my idea a little bit more.

Kind regards,

Miguel Sousa

Miguel -

That makes a LOT more sense. Your original post didn't mention roles; it said "Outside world", which led me to think you were looking to block people based on network location. :)

Yes, a role access report would be great!