Low-code application security is a key issue, especially in financial institutions. On the Meltemee platform, application security is ensured at the level specified in the OWASP ASVS Level 2 standard.
OWASP ASVS L2
The OWASP ASVS Level 2 standard sets significantly higher requirements than the OWASP Top 10 level commonly found on the market. Level 2 comprises 19 chapters and 146 subchapters describing the principles of:
- design,
- building,
- testing web solutions,
- technical security controls,
- secure architecture,
- secure system lifecycle,
- threat modeling,
- CI/CD.
Low-code designers working in the Meltemee environment do not need to worry about the security of the application they are developing, as it is ensured by the platform at a level that allows the processing of sensitive and legally protected data. Thanks to the Meltemee platform's compliance with the OWASP ASVS Level 2 standard, applications meet high security requirements and include the ability to implement robust authorization policies in accordance with organizational requirements.
ABAC – Attribute-Based Access Control
The Meltemee platform provides permissions in accordance with the ABAC (Attribute-Based Access Control) model. With ABAC, users are granted access based on specific attributes of both the user and the process. User attributes may include, among others: a person's assignment within the organization, their level of privileges within the organization, their level of privileges within the process, their location, and many other factors. Process attributes may include the importance level of a process step, decision level, tasks, resource permissions, task completion time, and various other relevant characteristics. The ABAC model reveals its strength in complex, distributed, and multi-entity organizations, but it also works well in smaller companies.
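A minimal sketch of an ABAC decision built from the user and process attributes listed above. It is an added example, not Meltemee's code or API; the class names, attribute names, thresholds and sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ACTIONS = {"view", "complete", "decide"}  # hypothetical action names

@dataclass(frozen=True)
class User:
    entity: str         # assignment within the organization (e.g. a holding member)
    org_level: int      # privilege level within the organization
    process_level: int  # privilege level within the process
    location: str

@dataclass(frozen=True)
class Step:
    entity: str                   # entity that owns the process step
    importance: int               # importance level of the step
    decision_level: int           # process level required to take a decision
    allowed_locations: frozenset  # locations from which the step may be handled
    due: datetime                 # task completion time

def decide(user: User, step: Step, action: str, now: datetime):
    """Return (allowed, reason). Default deny: every rule must hold."""
    rules = [
        (action in ACTIONS, "unknown action"),
        (user.entity == step.entity, "user belongs to another entity"),
        (user.location in step.allowed_locations, "location not permitted"),
        (user.org_level >= step.importance, "organization privilege too low"),
        (action != "decide" or user.process_level >= step.decision_level,
         "process privilege below decision level"),
        (action == "view" or now <= step.due, "task completion time has passed"),
    ]
    for ok, reason in rules:
        if not ok:
            return False, reason
    return True, "all attribute rules satisfied"

# Constructed sample data, not taken from any real deployment.
UTC = timezone.utc
STEP = Step("BankA", 2, 3, frozenset({"PL"}), datetime(2024, 1, 31, tzinfo=UTC))
ANALYST = User("BankA", org_level=2, process_level=1, location="PL")
MANAGER = User("BankA", org_level=3, process_level=3, location="PL")
OUTSIDER = User("BankB", org_level=5, process_level=5, location="PL")
NOW = datetime(2024, 1, 15, tzinfo=UTC)

if __name__ == "__main__":
    for who in (ANALYST, MANAGER, OUTSIDER):
        print(who.entity, who.process_level, decide(who, STEP, "decide", NOW))
```

The entity rule is what keeps a highly privileged user of one company in a holding from acting on another company's process step.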
Low-code application – 360° view
In our series “low-code by yarrl – enterprise solutions” about the Meltemee platform and low-code applications, we discuss selected examples of solutions.
Personal data changes – customers change their names, places of residence, contact details, phone numbers, and email addresses.
How can all this changing data be handled? The answer is a 360° view: a single source of truth about customers in your organization, presented as a unified customer view. This solution could be one of the CRM modules, a central customer database module, or it can function on its own. The system presents the customer profile, including personal data, current contact details, a list of products used by the customer with an indication of the source system where the transaction was recorded, contact history and plan, and a list of consents to the processing of personal data in accordance with the requirements of the GDPR.
Retention of personal data and documents
Complete customer information, including information about consents, processing bases, and processing activities, allows the system to determine whether the authorization to process specific data is still valid or whether unnecessary data needs to be deleted. Appropriately parameterized algorithms identify retention periods for individual objects related to the customer, and when the retention period expires, the application sends requests to the customer's domain systems that process personal data. The personal data retention process in the customer's domain systems can be fully automated or controlled by the administrator.
The high level of security and ABAC authorization of the Meltemee platform enable a unified 360° view for multi-entity organizations and holding companies.