Secure development

ApprovalMax develops security best practices and frameworks according to OWASP Top 10 and SANS Top 25.
To ensure the highest security in our software, we use the following best practices:
  1. Developers participate in regular security training to learn about common vulnerabilities and threats.
  2. We review our code for security vulnerabilities.
  3. We regularly update our dependencies and make sure none of them has known vulnerabilities.
  4. We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase.
  5. We rely on third-party security experts to perform yearly penetration tests of our applications.
For questions related to information security, please refer to our Security Portal.