Application Security

Application security.

Our codebots are constantly being updated as new vulnerabilities are discovered and standards are changed to ensure that your applications maintain a high level of security.

A codebot's code takes into consideration the top 10 vulnerabilities for open web applications, in accordance with Open Web Application Security (OWASP) standards. Our goal is to keep your app as secure as possible.

What are those vulnerabilities?

OWASP top 10 web application security risks and vulnerabilites

Injection

Broken authentication

Sensitive data exposure

XML external entities (XEE)

Broken access control

Security misconfiguration

Cross-site scripting (XSS)

Insecure deserialisation

Using components with known vulnerabilities

10.

Insufficient logging and monitoring

Our security goal.

Our goal is for our code to reach 100% compliance with OWASP standards. While we are not quite there yet we have made some great progress!

C#Bot

10%

SpringBot

10%

We want to set our users up for success. We provide the secure code and then it's up to the user to extend this into their custom code and throughout deployment.

Latest blog articles

The Internet of Things (IoT) has evolved the way we communicate and given us access to more knowledge than we could ever process in a lifetime. Unfortunately, this open flow of communication exposes us to an infinite stream of security threats. As technology continues to evolve, it is essential that we set and follow web security standards for our cloud based applications, our data security, and our software application security.

Application security is a fundamental consideration when it comes to app development. Here you'll find blog articles about web security standards and best practice to keep your software applications secure.

Navigating software licensing models

Leo Mylonas, 22 January 2018

It’s easy to see why the first step for most after completing a project is usually to monetise. While there are a number of ways to monetise, some types of software licensing are growing in popularity among project owners as a method of monetisation.

What is shadow IT? Why you should care and how you can stop it.

Brodie O'Carroll, 29 June 2018

Shadow IT accounts for 30-40% of IT spending and a third of successful data hacks are through shadow IT resources. You would be hard pressed to find an organisation completely unaffected by shadow IT.

What is AAA security? An introduction to authentication, authorisation and accounting

Brodie O'Carroll, 27 November 2018

Authentication, authorisation and accounting (AAA) refers to a common security framework for mediating network and application access. AAA intelligently controls access to computer resources by enforcing strict access and auditing policies. This process ensures that access to network and software application resources can be restricted to specific, legitimate users.

Cybersecurity for cloud applications versus local ones

Leo Mylonas, 06 December 2018

Historically, businesses stored data locally, on either individual machines or servers. Now, more and more businesses are turning to the cloud for data storage and other services.

How to mitigate your low code security risk

Leo Mylonas, 06 December 2018

App builder platforms have a plethora of names: low-code, no-code, rapid application development software, mobile app development platform, and now multi-experience development platforms.

What is OWASP? Web security standards with the Open Web Application Security Project

Hayden Steel, 06 December 2018

The Open Web Application Security Project (OWASP) focuses on improving the security of software. OWASP has made a range of tools to help meet web security standards, including automatically identifying security vulnerabilities in web applications.