Platform Security
XMPro platform undergoes app security checks every 3 months. We use Veracode as the provider to analyze the security of the software to help identify, prevent, and fix any vulnerabilities. Veracode scans the software and tests it in multiple ways, including Static Analysis (white-box testing), Dynamic Analysis (black-box testing), and Software Composition Analysis.
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is a form of white-box testing used to scan an application’s source, binary, or byte code.
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) analyzes a web application through the front end to find vulnerabilities through simulated attacks. This is also called Penetration testing.
Software Composition Analysis (SCA)
Software Composition Analysis scans all the components used in an application for security risks and vulnerabilities.
Results
| Product | SAST Score | DAST Score | Date |
|---|---|---|---|
Subscription Manager | 91 | 95 | 19 Mar 24 |
App Designer | 80 | 95 | 19 Mar 24 |
Data Stream Designer | 89 | 95 | 19 Mar 24 |
XMPro AI | 99 | Not Applicable | 19 Mar 24 |
Last updated