.png%3Falt%3Dmedia%26token%3D4d1a8b2a-57ee-476f-940c-8253cbd9a59d)
.png%3Falt%3Dmedia%26token%3D4d1a8b2a-57ee-476f-940c-8253cbd9a59d)
V4.1
Concepts
How-To Guides
Administration
Platform Security
XMPro platform undergoes app security checks every 3 months. We use Veracode as the provider to analyse the security of the software to help identity, prevent and fix any vulnerabilities. Veracode scans the software and tests it in multiple ways, including using Static Analysis (white-box testing), Dynamic Analysis (black-box testing), and Software Composition Analysis.
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is a form of white-box testing which is used to scan an application’s source, binary, or byte code.
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) is the process of analyzing a web application through the front-end to find vulnerabilities through simulated attacks. This is also called Penetration testing.
Software Composition Analysis (SCA)
Software Composition Analysis scans all the components used in an application for security risk and vulnerabilities.
Results
Product
SAST Score
DAST Score
Subscription Manager
98
95
App Designer
96
95
Data Stream Designer
98
95
Reports
Product
Report
Date
Subscription Manager
SM-Test-Report-17-Feb-2022.pdf
17 Feb 2021
App Designer
AD-Test-Report-17-Feb-2022.pdf
17 Feb 2021
Data Stream Designer
DS-Test-Report-17-Feb-2022.pdf
17 Feb 2021
​
Last modified 2mo ago