Low-code application security on the Meltemee platform
Low-code application security is a key issue, especially in financial institutions. On the Meltemee low-code platform, application security is provided at the level specified by OWASP ASVS (Application Security Verification Standard) Level 2.
OWASP ASVS - Application Security Verification Standard Level 2
OWASP ASVS at Level 2 (L2) sets significantly higher requirements than the OWASP Top 10 baseline commonly used on the market. Level 2 comprises 19 chapters and 146 subchapters describing the principles of designing, building, and testing web solutions: technical security controls, secure architecture, a secure system lifecycle, threat modeling, and CI/CD. Low-code designers in the Meltemee environment do not have to build these controls themselves; the platform provides them at a level that allows the processing of sensitive and legally protected data. What remains in the designer's hands is what no platform can decide for them: the application's own business logic and, in particular, the authorization rules configured for it. Thanks to the Meltemee platform's compliance with OWASP ASVS at L2, applications meet high security requirements and can implement robust authorization policies in accordance with organizational requirements.
ABAC – Attribute-Based Access Control
The Meltemee platform provides authorization in accordance with the ABAC (Attribute-Based Access Control) model. With ABAC, users are granted access based on specific attributes of both the user and the process. User attributes may include, among others, a person's assignment within the organization, their level of permissions within the organization, their level of permissions within the process, their location, and many other factors. Process attributes may include the importance level of a process step, the decision level, the tasks, resource permissions, the task completion time, and various other relevant characteristics. A well-formed ABAC policy denies by default: a request whose attributes are missing or unknown is refused rather than silently allowed. The ABAC model reveals its strength in complex, distributed, and multi-entity organizations, but it also works well in smaller companies.
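The following is an added example, not code from the Meltemee platform, showing how an ABAC decision over the kinds of attributes listed above is evaluated. The attribute names (org_unit, process_level, location, importance, decision_level, deadline, allowed_locations), the four rules and the sample request are assumptions chosen for illustration. The point it demonstrates is the deny-by-default behaviour: a request is permitted only when at least one rule applies and every applicable rule is satisfied, and a missing attribute fails closed instead of being treated as "no restriction".

```python
# Added example (not Meltemee platform code): a minimal ABAC evaluator.
# Attribute names, rule set and sample request are assumptions chosen to
# mirror the attributes listed above: organizational unit, permission level
# within the process, location, step importance, decision level, deadline.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


@dataclass(frozen=True)
class Request:
    subject: dict       # user attributes
    resource: dict      # process-step attributes
    environment: dict   # request context, e.g. the current time


@dataclass(frozen=True)
class Rule:
    name: str
    applies_to: Callable[[Request], bool]  # does this rule cover the request?
    permit: Callable[[Request], bool]      # if so, is the request allowed?


def _attr(bag: dict, key: str):
    """Read an attribute; a missing attribute raises so evaluation fails closed."""
    if key not in bag:
        raise KeyError(f"missing attribute {key!r}")
    return bag[key]


def evaluate(request: Request, rules: list) -> tuple:
    """Return ("permit" | "deny", reason).

    Deny by default: the request is permitted only when at least one rule
    applies and every applicable rule is satisfied. Any error while reading
    attributes (missing key, wrong type) is treated as a denial.
    """
    applicable = [r for r in rules if r.applies_to(request)]
    if not applicable:
        return "deny", "no applicable rule"
    for rule in applicable:
        try:
            satisfied = rule.permit(request)
        except (KeyError, TypeError) as exc:
            return "deny", f"{rule.name}: {exc}"
        if not satisfied:
            return "deny", f"{rule.name}: condition not met"
    return "permit", ", ".join(r.name for r in applicable)


def default_rules() -> list:
    """Assumed policy for approving a process step."""
    return [
        Rule("same_organizational_unit",
             applies_to=lambda rq: True,
             permit=lambda rq: _attr(rq.subject, "org_unit") == _attr(rq.resource, "owning_unit")),
        Rule("decision_level_for_high_importance_step",
             applies_to=lambda rq: rq.resource.get("importance") == "high",
             permit=lambda rq: _attr(rq.subject, "process_level") >= _attr(rq.resource, "decision_level")),
        Rule("within_task_deadline",
             applies_to=lambda rq: "deadline" in rq.resource,
             permit=lambda rq: _attr(rq.environment, "now") <= _attr(rq.resource, "deadline")),
        Rule("allowed_location",
             applies_to=lambda rq: "allowed_locations" in rq.resource,
             permit=lambda rq: _attr(rq.subject, "location") in _attr(rq.resource, "allowed_locations")),
    ]


DEADLINE = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample value


def sample_request(process_level: int, location: Optional[str] = None, hours_late: int = 0) -> Request:
    """Constructed request: a 'credit' employee approving a high-importance step."""
    subject = {"org_unit": "credit", "process_level": process_level}
    if location is not None:
        subject["location"] = location
    return Request(
        subject=subject,
        resource={"owning_unit": "credit", "importance": "high", "decision_level": 3,
                  "deadline": DEADLINE, "allowed_locations": {"PL", "DE"}},
        environment={"now": DEADLINE + timedelta(hours=hours_late)},
    )


if __name__ == "__main__":
    for label, rq in [("level 3, PL", sample_request(3, "PL")),
                      ("level 2, PL", sample_request(2, "PL")),
                      ("level 3, no location", sample_request(3)),
                      ("level 3, PL, 1h late", sample_request(3, "PL", hours_late=1))]:
        print(label, "->", evaluate(rq, default_rules()))
```

Running the block shows the four outcomes: the employee with process level 3 in an allowed location is permitted; level 2 is denied by the decision-level rule; a request with no location attribute is denied because the location rule cannot be evaluated; and the same request one hour after the task deadline is denied by the deadline rule. An empty rule set denies everything, which is the behaviour to keep when a policy has not been configured yet.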
Low-code application – 360° view
In our series “low-code by yarrl – enterprise-class applications” about the Meltemee platform and applications created on it, we discuss selected examples of solutions. One application worth mentioning is the 360° view.
Personal data changes: customers change their names, places of residence, contact details, phone numbers, and email addresses. How can you handle all this changing data? The answer is the 360° view, the single source of truth about customers in your organization, presented in a unified customer view. This solution can be one of the CRM modules, an MDM database, or function independently. The purpose of the 360° view is to provide application users with a single source of truth about customers. The system presents all collected customer data: personal data, current contact details, a list of products used by the customer with an indication of the source system where the transaction was recorded, contact history and plan, and a list of consents to the processing of personal data in accordance with GDPR requirements.
Retention of personal data and documents
Complete customer information, including information about consents, processing bases, and processing activities, allows the system to determine whether the authorization to process specific data is still valid or whether data that is no longer needed must be deleted. Parameterized retention rules identify retention periods for the individual objects related to the customer, and when a retention period expires, the application sends deletion requests to the organization's domain systems that process the personal data. The retention process in those domain systems can be fully automated or controlled by an administrator; either way, an object whose retention parameters are not configured should be flagged for review rather than silently kept or deleted.
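The following is an added example, not Meltemee code, showing the shape of such a retention evaluation: each customer-related object carries its lawful basis and the date that basis ended, a parameter table maps (category, basis) to the period the object may still be kept, and expired objects are grouped into one deletion request per domain system. The object categories, the lawful bases, the source-system names and the retention periods are assumptions; real periods come from the organization's legal analysis, and the zero-day marketing period simply expresses "delete as soon as consent is withdrawn". Objects with no configured period are routed to review instead of being guessed at.

```python
# Added example (not Meltemee platform code): evaluating retention periods for
# customer-related objects and turning expired ones into deletion requests
# per domain system. Object categories, lawful bases, system names and the
# retention periods below are assumptions, not legal advice.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class DataObject:
    object_id: str
    source_system: str           # domain system that holds the object
    category: str                # e.g. "marketing_profile", "contract", "kyc_record"
    basis: str                   # lawful basis: "consent", "contract", "legal_obligation"
    basis_ended: Optional[date]  # consent withdrawn / contract terminated; None = still active


# How long an object may be kept after its processing basis ends, keyed by
# (category, basis). A zero period means it must go as soon as the basis ends.
RETENTION_AFTER_BASIS_END = {
    ("marketing_profile", "consent"): timedelta(days=0),
    ("contract", "contract"): timedelta(days=365 * 6),            # assumed statutory period
    ("kyc_record", "legal_obligation"): timedelta(days=365 * 5),  # assumed statutory period
}


def retention_expiry(obj: DataObject) -> Optional[date]:
    """Last day obj may be kept, or None while its basis is still active.

    Raises ValueError for a (category, basis) pair with no configured period:
    such an object is neither deleted nor kept by guesswork but routed to review.
    """
    if obj.basis_ended is None:
        return None
    period = RETENTION_AFTER_BASIS_END.get((obj.category, obj.basis))
    if period is None:
        raise ValueError(f"no retention period configured for {(obj.category, obj.basis)}")
    return obj.basis_ended + period


def deletion_requests(objects, today: date):
    """Return ({source_system: [object_id, ...]}, [object_id needing review])."""
    requests = {}
    review = []
    for obj in objects:
        try:
            expiry = retention_expiry(obj)
        except ValueError:
            review.append(obj.object_id)
            continue
        if expiry is not None and today > expiry:
            requests.setdefault(obj.source_system, []).append(obj.object_id)
    return requests, review


# Constructed sample inventory for one customer.
SAMPLE_OBJECTS = [
    DataObject("m1", "crm", "marketing_profile", "consent", date(2024, 1, 10)),  # consent withdrawn
    DataObject("m2", "crm", "marketing_profile", "consent", None),               # consent active
    DataObject("c1", "core_banking", "contract", "contract", date(2017, 3, 1)),  # old contract
    DataObject("c2", "core_banking", "contract", "contract", date(2023, 1, 1)),  # recent contract
    DataObject("k1", "aml", "kyc_record", "legal_obligation", date(2020, 1, 1)),
    DataObject("x1", "scoring", "model_input", "consent", date(2024, 1, 10)),    # no rule configured
]


def run_sample(today: Optional[date] = None):
    """Evaluate the constructed inventory as of the given day (default 2024-06-01)."""
    return deletion_requests(SAMPLE_OBJECTS, today or date(2024, 6, 1))


if __name__ == "__main__":
    reqs, review = run_sample()
    print("deletion requests per domain system:", reqs)
    print("objects needing administrator review:", review)
```

As of 2024-06-01 the run produces deletion requests for the withdrawn marketing profile in the CRM and the 2017 contract in core banking, keeps the active consent, the recent contract and the KYC record still inside its statutory period, and lists the scoring input for administrator review because no period is configured for it. The request map is what an automated flow would hand to each domain system; the review list is where an administrator-controlled process takes over.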