Secure development

ApprovalMax develops security best practices and frameworks according to the OWASP Top 10 and SANS Top 25.
To ensure the highest security in our software, we use the following best practices:
  1. Developers participate in regular security training to learn about common vulnerabilities and threats.
  2. We review our code for security vulnerabilities.
  3. We regularly update our dependencies and make sure none of them has known vulnerabilities.
  4. We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase.
  5. We rely on third-party security experts to perform yearly penetration tests of our applications.
For questions related to information security, please refer to our Security Portal.