Platform Security
XMPro places a high priority on security, performing app security checks every 3 months using Veracode. Veracode's comprehensive analysis helps identify, prevent, and fix vulnerabilities through multiple testing methods: Static Analysis (white-box testing), Dynamic Analysis (black-box testing), and Software Composition Analysis.
Security Technologies and Practices
Our suite of products leverages robust technologies and practices to maintain a high security standard:
App Designer, Data Stream Designer, and XMPro AI are built on .NET 8.
Subscription Manager is built on .NET Framework 4.8.1 (net481).
In the event a vulnerability is identified in any of these technologies, Microsoft promptly releases an update. We integrate these updates into our products and regularly release new versions that include essential security fixes.
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is a form of white-box testing used to scan an application’s source, binary, or byte code.
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) analyzes a web application through the front end to find vulnerabilities through simulated attacks. This is also called penetration testing.
Software Composition Analysis (SCA)
Software Composition Analysis scans all the components used in an application for security risks and vulnerabilities.
Results
Product | SAST Score | DAST Score | Date |
---|---|---|---|
Subscription Manager | 92 | 95 | 21 Nov 24 |
App Designer | 77 | 95 | 21 Nov 24 |
Data Stream Designer | 89 | 95 | 21 Nov 24 |
XMPro AI | 77 | 95 | 21 Nov 24 |
WorkFlow | 96 | 91 | 21 Nov 24 |
Support and Recommendations
.NET versions are supported by Microsoft for 3 years after release, as detailed in their support policy. To ensure you have the most secure XMPro offerings, we recommend upgrading at least every 3 months to take advantage of the latest security updates and features.