Application security.

Our codebots are constantly updated as new vulnerabilities are discovered and standards change, so that your applications maintain a high level of security.

A codebot's code takes into consideration the top 10 vulnerabilities for open web applications, in accordance with Open Web Application Security Project (OWASP) standards. Our goal is to keep your app as secure as possible.

What are those vulnerabilities?
OWASP top 10 web application security risks and vulnerabilities

1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities (XXE)
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting (XSS)
8. Insecure deserialisation
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring

Our security goal.

Our goal is for our code to reach 100% compliance with OWASP standards. While we are not quite there yet, we have made some great progress!

C#Bot: 10%

SpringBot: 10%

We want to set our users up for success. We provide the secure code and then it's up to the user to extend this into their custom code and throughout deployment.

Latest blog articles

The Internet of Things (IoT) has evolved the way we communicate and given us access to more knowledge than we could ever process in a lifetime. Unfortunately, this open flow of communication exposes us to an infinite stream of security threats. As technology continues to evolve, it is essential that we set and follow web security standards for our cloud-based applications, our data security, and our software application security.

Application security is a fundamental consideration when it comes to app development. Here you'll find blog articles about web security standards and best practice to keep your software applications secure.

Navigating software licensing models

Leo Mylonas, 22 January 2018

It’s easy to see why the first step for most after completing a project is usually to monetise. While there are a number of ways to monetise, some types of software licensing are growing in popularity among project owners as a method of monetisation.

What is shadow IT? Why you should care and how you can stop it.

Brodie O'Carroll, 29 June 2018

Shadow IT accounts for 30-40% of IT spending and a third of successful data hacks are through shadow IT resources. You would be hard pressed to find an organisation completely unaffected by shadow IT.

What is AAA security? An introduction to authentication, authorisation and accounting

Brodie O'Carroll, 27 November 2018

Authentication, authorisation and accounting (AAA) refers to a common security framework for mediating network and application access. AAA intelligently controls access to computer resources by enforcing strict access and auditing policies. This process ensures that access to network and software application resources can be restricted to specific, legitimate users.

Cybersecurity for cloud applications versus local ones

Leo Mylonas, 06 December 2018

Historically, businesses stored data locally, on either individual machines or servers. Now, more and more businesses are turning to the cloud for data storage and other services.

How to mitigate your low code security risk

Leo Mylonas, 06 December 2018

App builder platforms have a plethora of names: low-code, no-code, rapid application development software, mobile app development platform, and now multi-experience development platforms.

What is OWASP? Web security standards with the Open Web Application Security Project

Hayden Steel, 06 December 2018

The Open Web Application Security Project (OWASP) focuses on improving the security of software. OWASP has made a range of tools to help meet web security standards, including automatically identifying security vulnerabilities in web applications.

The benefits of OWASP

Kaelan Reece, 19 February 2020

The Open Web Application Security Project (OWASP) is a not-for-profit foundation which aims to improve the security of web applications.

How do you know your apps are secure?

Kaelan Reece, 11 March 2021

We go through the ASVS Levels and OWASP Standards to ensure any apps you create are as secure as possible.