Ever wondered why we go through multiple security checks before boarding a flight? It is to keep out threats of any kind. Securing an application is equally important, because the application is where the user database is available, and that database can be used for many malicious purposes.
As a low-code platform, WaveMaker has not only made application development easy but also provides integrated features, strategies, and extensive security configuration to manage security within the application. Applications created in WaveMaker are inherently secured and ready for immediate use upon completion of development.
Authentication and Authorization
If an application has no authentication and authorization mechanisms, any of its resources can easily be used and corrupted. This is handled in WaveMaker with just one click.
Yes! This single action enables basic authentication and authorization, along with multiple configurations to validate the identity of the application's users and apply the necessary restrictions based on user role.
Authentication
WaveMaker comes with several authentication mechanisms that can cater to any type of security requirement. Users can apply basic single-level authentication or use complex multi-level authentication to secure the application. Here is the list of authentication mechanisms that our platform provides:
- OpenID
- LDAP
- Database
- Active Directory
- SAML
- CAS
Authorization
When it comes to authorization, WaveMaker makes it very simple for any user to apply Role-Based Access Control (RBAC) restrictions that control access to specific features, functionalities, or data within an application. With this, only users with the appropriate privileges and permissions can perform certain actions or access certain functionalities.
Role-Based Access Control
In WaveMaker, RBAC can be set up through configuration for various application resources such as widgets, pages, data, and APIs:
- API Access
- Page Access
- Widget Access
Safeguarding Web Applications against Vulnerabilities
Safeguarding the developed web applications from potential risks and vulnerabilities is the most critical aspect that our platform ensures, by following the principles and techniques below.
OWASP Top 10
With user-customizable security policies, WaveMaker wipes out the security issues listed in the OWASP Top 10. This assures users that the developed application has no risk associated with code execution, unauthorized data access, data breaches, cross-origin attacks, clickjacking, insecure communication, and unauthorized database manipulation, while abiding by security standards.
Below are the protective measures that WaveMaker offers to secure against OWASP vulnerabilities:
- XSS
- SSL
- CORS and X-Frame
- SQL Injection
Third-party Dependent Libraries
Dealing with threats from third-party libraries means making sure of the quality of the external resources that we use in our application development. WaveMaker uses SonarQube, which provides a comprehensive analysis of code quality, bug identification, and security vulnerabilities.
This frequent evaluation allows the development team to catch potential issues early in the development process, preventing the accumulation of technical debt and enhancing the overall stability of the software.
Our Commitment to Application Security
WaveMaker stands as a secure platform for building applications, having become the first Java low-code platform to achieve Veracode certification, which ensures that first-party code is assessed and remediation guidance is provided.
We believe that with WaveMaker you can focus on your application while WaveMaker takes care of the security.