April 21, 2021

Weaving security into low-code development

3950 – That is the number of known data breaches that organizations across the world and over different domains reported in 2020 (Verizon-2020 Data Breach report). The number of records affected? – a staggering 36 billion. (Risk Based Security, 2020 report). The spotlight on application security has never been so bright. The havoc caused by security loopholes discovered in production is immense both in terms of money and value, not to speak of the mistrust it instills in the customer and the chain reaction thereof. Additionally, the pandemic has stewed a culture of digital transformation in enterprises like never before. In such a scenario, security is of paramount importance.

AppSec is showing an increasing left-shift trend in the development cycle of applications. In today’s dynamic market, businesses cannot afford to make a mistake. Preemptive and Proactive is the new mantra. The advantages of weeding out security vulnerabilities at the development stage of the product far outweigh the time spent on finding vulnerabilities at a later stage. At an age and time when clients are looking for rapid go-to-market solutions, any tool that reduces cost and effort without compromising on the security of the application is welcomed with open arms by development teams in both ISVs and enterprises alike.



What are WaveMaker platform capabilities in terms of security

WaveMaker offers comprehensive security solutions both at the application level and at the code level. The platform itself enables secure coding practices making apps hardened for penetration testing and enterprise-grade security. On an application level, WaveMaker provides standard safeguard methods such as Authentication and Authorization, SSL encryption, User OnBoarding, OAuth, OpenIDConnect, and integration with service providers like LDAP or AD. Additionally, the apps can be configured to protect against ‘OWASP Top 10 vulnerabilities’ including CSRF and XSS attacks.

Recently WaveMaker added another feather to its cap by strengthening its security credentials with the achievement of “Veracode™ Verified Standard (Veracode Seal)” for WaveMaker generated application code. With that, WaveMaker becomes the first Java Low-Code platform to achieve Veracode certification.

By using the WaveMaker low-code application development  platform, customers are putting immense faith in our app-generated code. Obtaining a certification from one of the most respected and trusted names in the security industry namely Veracode, fortifies that faith.

What does the Veracode certified seal mean to our customers

Professional developers using open standards technologies often need to rely on security scans and traditional black-box testing post-development. With WaveMaker, the generated application code is pre-tested using the Veracode static code analysis tool (Veracode SAST). Additionally, Veracode SAST mitigates false positives. This in effect, translates to faster and easier development because developers can now focus on building the software rather than worry about its security aspects.

Development teams, especially those building software platforms and solutions, depend on low-code for its speed, but much of their time ends up being spent in finding and reporting the vulnerabilities issues at a later stage,” said Deepak Anupalli, Head of Product at WaveMaker. “WaveMaker enables professional developers to not just build faster, but to churn out quality, secure application code. The WaveMaker Veracode certification is the latest milestone in our continued efforts on being developer-centric.


Joining the Veracode verified community is an assurance to developers and ISVs that security checks are already in place. The platform also assures safety with regards to third-party open-source libraries. It essentially means that the security of all components encompasses all vulnerability checks listed in the CVE library. What’s more, with every release, WaveMaker updates its libraries against potential and newer vulnerabilities.

ISVs using low-code find their customers stressing on compliance and mitigation of all security issues, and rightly so. Using prerelease analytical tools such as Veracode SAST to test the security of low-code generated code acts as a differentiator for teams building software platforms and solutions. The tradeoff in terms of time, effort, and money for all stakeholders are immense. For ISVs, inbuilt security becomes a pre-ticked item on their checklist. Effort spent on inspecting code for security inadequacies can be economically distributed towards building better, resilient, and agile software.

Our customers have ever-increasing demands for IT compliance and cyber risk mitigation. Knowing our WaveMaker applications are Veracode Verified out-of-the-box saves considerable time and effort to lock down our solution and gives me peace of mind knowing we are built on top of a modern and secure platform,” said Kevin McCarthy, CTO at Neverfail Inc, a WaveMaker customer.

Joining the Veracode community: Certified Commitment

Enterprises are aggressively pursuing digital transformation solutions. Security hygiene needs to be weaved tightly into these solutions. According to the Forrester Report on security, 2021, twenty-one percent of tactical IT security support of organizations said that their firm will prioritize building security into the development processes. For enterprises looking towards low-code platforms, a Veracode partnership with Wavemaker brings relief and assurance in times of shrinking delivery timelines. An Out-of-the-box attestation by the Veracode platform solidifies the commitment from WaveMaker to our customers that the applications they develop are secure and compliant by design.

Comprehensive scrutiny of our low-code platform with every release provides an in-depth view of the security of the app-generated code. Early mitigation ensures that security loopholes do not trickle down to the applications that are built with low code. WaveMaker joining hands with Veracode ensures that the security of WaveMaker-generated code is a given.

Start building powerful applications with a low-code platform that does not compromise on code security.