I also wanted to understand a bit about the security features provided by Wappler itself, like:
Industry Standards:
Does Wappler follow recognised security standards like OWASP Top 10, CWE Top 25, or the NIST Cybersecurity Framework?
Code Security:
Steps to ensure that the code is secure and follows best practices, e.g. dmx libs? Are tools like Semgrep, etc. used in the release process?
@patrick @George, could you please provide some insight on this?
Wappler doesn't force you to use a certain implementation; we try to give you all the tools needed that fit your needs and follow standards as well as possible. It is good to follow the OWASP guidelines and we try to give you all the tools needed for that. If you miss something that is important, then just let us know.
There are vulnerabilities that we cannot resolve on our own without breaking standard Wappler code. Whether we can ignore any of these is the question, but it would be ideal if the High severity (red color) ones are actioned by the Wappler team.