OutSystems dramatically accelerates application development. This speed cannot be at the expense of security. OutSystems provides a secure runtime environment and the tools necessary for secure development.
Web and mobile applications built using OutSystems are protected by default from the top security threats identified by OWASP. OutSystems low-code approach accelerates the development of secure applications in the following ways:
- Each platform upgrade automatically incorporates the latest security features into all of your applications.
- Pre-built components simplify security-related tasks such as encrypting data at rest or integrating with Identity Management systems.
- Role-based access ensures the right team members have access to change and deploy applications.
- With each release, generated code is assessed for vulnerabilities using static code analysis tools.
When using the OutSystems Cloud to build and run your applications, you can rely on state-of-the-art security encompassing:
- Dedicated virtual private cloud (VPC) infrastructure for all customers, secure access to on-premises systems with VPN, and easy uploading of custom SSL/TLS certificates.
- Proactive updating of operating systems and application servers with updates and patches, including notification to customers for security-related issues.
- Penetration testing and vulnerability scanning support for customer applications.
OutSystems provides a dedicated computer security incident response team (CSIRT) for managing security threats 24/7 and proactively monitoring reputable industry sources for newly discovered security vulnerabilities.
To report incidents, such as copyright issues, spam, and abuse, send an email to: email@example.com.
For non-incident related topics, please check outsystems.com/support.
OutSystems CSIRT RFC 2350 Profile: https://www.outsystems.com/trust/csirt/
OutSystems maintains a robust set of operating procedures including:
- Formal hiring procedures for employees and contractors including background checks.
- Security requirements built into our entire software lifecycle, from planning through deployment.
- Access management, patching management, change management, event management, and incident handling.
- A comprehensive business continuity strategy to protect the essential functions of the organization in the event of a disaster.
Forum of Incident Response and Security Teams (FIRST)
FIRST is a premier organization recognized globally as a leader in incident response. Because computer security incidents do not respect geographical, timezone, or administrative boundaries in the global Internet, OutSystems CSIRT is a member of FIRST’s trusted group of global organizations. By providing access to best practices, tools, and timely communication with other trusted member teams, we can facilitate more effective responses to security incidents.
"Sharing information in a secure and easy-to-use solution for professionals across the public sector has been groundbreaking. It has laid the foundation for mobilizing an ambitious data-sharing capability across our partners that will transform how we collectively deliver vital services."
"OutSystems provides the governance, compliance and controls we need so that the apps we deploy are not only safe and secure, but also ready to withstand any audit."
"Navies trust us to manage their critical and often complex assets using our asset management solution.
That's why we rely on OutSystems to help us meet their expectations."