
Security check for low-code applications with OWASP


Security is a very important aspect in the development of enterprise software. Low-code-based applications must therefore also be tested and checked accordingly. Simplifier now offers its existing customers these measures.

Security plays an important role in the creation of business applications. Before an application can go live, it must undergo security tests and reviews, which are essential in enterprise software development. This also applies to applications developed with low-code.

Most business applications end up being built with web technologies, and it is above all web applications that need to be checked for security aspects.

Penetration testing of web applications on the basis of OWASP

Since we are dealing with low-code applications built with Simplifier in this blog post, we are talking about HTML5 applications based on OpenUI5/SAPUI5 and RESTful backend services that need to be tested. This is where OWASP comes into play. What exactly is OWASP?

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus on the most critical security risks for web applications.

The OWASP Top 10 and their impact on low-code

A look at the OWASP Top 10 list is a good starting point for testing applications created with low-code. A look at the first 3 items on the top ten list shows the following:

As many enterprise applications involve data entry and forms, potential vulnerabilities in the use of certain parameters need to be checked. In addition, authentication plays a major role within enterprise applications, so checks for incorrect authentication and session hijacking must be considered. Another critical point is the disclosure of sensitive data, which also plays a central role in the development of enterprise applications.

Looking at the rest of the points listed, it becomes clear that security audits need to be planned, structured and standardized wherever possible to minimize the effort per application developed. To solve this problem for Simplifier customers, we have a new enabling offering to help them audit the security of their applications.

Special offer

Existing customers who have a Simplifier Enabling package can now book our new security audit for Simplifier applications. Our experts will check all existing low-code applications for security-relevant criteria according to the OWASP Top 10, specially adapted to applications created with Simplifier. The audit takes the form of a whitebox test and includes a report and a result certificate.

This means that we will also check the low-code configuration, role and rights management and, of course, the top 10 security aspects.

The security audit is based on a low-code-specific security checklist.

Security checklist

Among other things, we check:

  • whether security-relevant data is stored locally in the browser
  • whether data can be manipulated
  • whether data is encrypted or not
  • whether Simplifier authentications are sufficiently restrictive

We also check the applications we create against the Simplifier security guidelines.

We also give advice on how security gaps can be closed.
