Security

OutSystems dramatically accelerates application development. This speed cannot be at the expense of security. OutSystems provides a secure runtime environment and the tools necessary for secure development.

Application Security

Web and mobile applications built using OutSystems are protected by default from the top security threats identified by OWASP. OutSystems low-code approach accelerates the development of secure applications in the following ways:

  • Each platform upgrade automatically incorporates the latest security features into all of your applications.
  • Pre-built components simplify security-related tasks such as encrypting data at rest or integrating with Identity Management systems.
  • Role-based access ensures the right team members have access to change and deploy applications.
  • With each release, generated code is assessed for vulnerabilities using static code analysis tools.

Learn more about application security

Infrastructure Security

When using the OutSystems Cloud to build and run your applications, you can rely on state-of-the-art security encompassing:

  • Dedicated virtual private cloud (VPC) infrastructure for all customers, secure access to on-premises systems with VPN, and easy uploading of custom SSL/TLS certificates.
  • Proactive updating of operating systems and application servers with updates and patches, including notification to customers for security-related issues.
  • Penetration testing and vulnerability scanning support for customer applications.

Learn more about infrastructure security

Security Operations

OutSystems provides a dedicated computer security incident response team (CSIRT) for managing security threats 24/7 and proactively monitoring reputable industry sources for newly discovered security vulnerabilities.
To report incidents, such as copyright issues, spam, and abuse, send an email to: csirt@outsystems.com.
For non-incident related topics, please check outsystems.com/support.
OutSystems CSIRT RFC 2350 Profile: https://www.outsystems.com/trust/csirt/
OutSystems maintains a robust set of operating procedures including:

  • Formal hiring procedures for employees and contractors including background checks.
  • Security requirements built into our entire software lifecycle, from planning through deployment.
  • Access management, patching management, change management, event management, and incident handling.
  • A comprehensive business continuity strategy to protect the essential functions of the organization in the event of a disaster.

Learn more about security operations

Forum of Incident Response and Security Teams (FIRST)

FIRST is a premier organization recognized globally as a leader in incident response. Because computer security incidents do not respect geographical, timezone, or administrative boundaries in the global Internet, OutSystems CSIRT is a member of FIRST’s trusted group of global organizations. By providing access to best practices, tools, and timely communication with other trusted member teams, we can facilitate more effective responses to security incidents.

Cloud Shared Responsibility Model

In the OutSystems cloud model, OutSystems shares control of the cloud environments with you. This approach relieves you of the operational burden as OutSystems operates, manages, and controls the components from the platform down to the infrastructure. Your responsibilities include securing the applications and integrations you develop with OutSystems.

Learn more about the Shared Responsibility Model

Information Security

OutSystems has implemented a formal information security program designed to protect the confidentiality, integrity, and availability of customer systems and data. OutSystems identifies security risks and puts controls in place to manage or eliminate those risks and gain stakeholders and customers trust that their confidential data is protected and available.

Related Security Topics

Platform Hardening
"Navies trust us to manage their critical and often complex assets using our asset management solution.
That's why we rely on OutSystems to help us meet their expectations."
Andrew Venables, Head of Systems Integrations - Atos Australia and New Zealand
"Sharing information in a secure and easy-to-use solution for professionals across the public sector has been groundbreaking. It has laid the foundation for mobilizing an ambitious data-sharing capability across our partners that will transform how we collectively deliver vital services."Neil Crump, Head of Digital Transformation and Customer Services - Worcestershire County Council
"OutSystems provides the governance, compliance and controls we need so that the apps we deploy are not only safe and secure, but also ready to withstand any audit."Dave Peppard, CIO - AcuteCare