Can a Workflow Engine be truly secure?

Security warnings have always been part of the software landscape. But something has shifted recently. The latest wave of reports is different – and it is not just the usual noise.

The Threat is Real

“The question is no longer whether your application will be attacked. The question is whether your data is still safe after the attack succeeds.”

AI-assisted attacks are changing the rules of the game. Where a human attacker once needed hours or days to analyze application code, identify vulnerabilities, and craft an exploit, an AI-powered tool can do the same in minutes. Automated reconnaissance, pattern-based vulnerability detection, intelligent fuzzing – what used to require deep expertise is becoming increasingly accessible.

Continue reading “Can a Workflow Engine be truly secure?”

How to secure Business Objects

This post explains how you can secure your business objects in a model driven way, using the Imixs-Workflow engine.

Most applications deal with security in a functional way. This means that a business application typically defines different functional roles which are mapped to different users. For example let’s look on a simple Ordering System. In an Ordering System, we will have roles like

  • ‘Order-Creator’ – creating the order
  • ‘Order-Approver’ – validating and approving
  • ‘Order-Executor’ – execution

These roles are typical for such a business application and are mostly tightly coupled to the corresponding business methods – e.g. createOrder(), approveOrder() and executeOrder(). This works well in a monolithic business application where you control both the security layer and the business logic. But the more complex the business application becomes, the more complicated the enclosed security becomes as well. In modern application design you additionally often have to deal with external web services and business logic that needs to be adapted easily to changing requirements. So this static security model leads into a hell of hard-coded business rules or, what is worse, can no longer guarantee security.

Continue reading “How to secure Business Objects”
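To make the contrast concrete, here is an added example (not code from the Imixs-Workflow project or from the post) showing the two styles side by side for the ordering system above: a service that hard-codes the role check inside each business method, and a small model-driven engine where the allowed roles are part of the workflow model and one generic method enforces them. All class and method names (HardCodedOrderService, WorkflowModel, ModelDrivenEngine, Transition) and the transition table are hypothetical constructions for this illustration.

```java
import java.util.List;
import java.util.Set;

// Hypothetical ordering workflow used to contrast functional and model-driven security.
public class OrderSecurityDemo {

    enum State { NEW, CREATED, APPROVED, EXECUTED }

    static class Order { State state = State.NEW; }

    static void requireRole(Set<String> userRoles, String role) {
        if (!userRoles.contains(role)) {
            throw new SecurityException("missing role " + role);
        }
    }

    // --- Style 1: functional security, one hard-coded role check per business method ---
    static class HardCodedOrderService {
        void createOrder(Set<String> userRoles, Order order) {
            requireRole(userRoles, "Order-Creator");
            order.state = State.CREATED;
        }
        void approveOrder(Set<String> userRoles, Order order) {
            requireRole(userRoles, "Order-Approver"); // changing the rule means changing code
            order.state = State.APPROVED;
        }
        void executeOrder(Set<String> userRoles, Order order) {
            requireRole(userRoles, "Order-Executor");
            order.state = State.EXECUTED; // nothing here checks that the order was approved first
        }
    }

    // --- Style 2: model-driven security, allowed roles declared in the workflow model ---

    /** One transition of the model: source state, event name, target state and who may fire it. */
    record Transition(State from, String event, State to, Set<String> allowedRoles) {}

    static class WorkflowModel {
        private final List<Transition> transitions;
        WorkflowModel(List<Transition> transitions) { this.transitions = transitions; }

        Transition find(State from, String event) {
            return transitions.stream()
                .filter(t -> t.from() == from && t.event().equals(event))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(
                    "no transition '" + event + "' from state " + from));
        }
    }

    /** Generic engine: a single entry point for every business event; authorization is read from the model. */
    static class ModelDrivenEngine {
        private final WorkflowModel model;
        ModelDrivenEngine(WorkflowModel model) { this.model = model; }

        void process(Set<String> userRoles, Order order, String event) {
            Transition t = model.find(order.state, event); // also rejects out-of-order events
            if (t.allowedRoles().stream().noneMatch(userRoles::contains)) {
                throw new SecurityException("event '" + event + "' requires one of " + t.allowedRoles());
            }
            order.state = t.to();
        }
    }

    public static void main(String[] args) {
        // Constructed model for the ordering example: the roles live in data, not in code.
        WorkflowModel model = new WorkflowModel(List.of(
            new Transition(State.NEW,      "create",  State.CREATED,  Set.of("Order-Creator")),
            new Transition(State.CREATED,  "approve", State.APPROVED, Set.of("Order-Approver")),
            new Transition(State.APPROVED, "execute", State.EXECUTED, Set.of("Order-Executor"))));
        ModelDrivenEngine engine = new ModelDrivenEngine(model);

        Order order = new Order();
        engine.process(Set.of("Order-Creator"), order, "create");
        engine.process(Set.of("Order-Approver"), order, "approve");
        try {
            engine.process(Set.of("Order-Creator"), order, "execute"); // wrong role for this event
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        engine.process(Set.of("Order-Executor"), order, "execute");
        System.out.println("final state: " + order.state);
    }
}
```

The point of the second style is that adding a new role or re-ordering the approval steps changes the transition table, not the Java code, and that the model enforces the sequence of states as well as the role: in the hard-coded service nothing stops executeOrder() from being called on an order that was never approved, whereas the engine refuses an event the current state does not offer. The example uses Java records, so it needs Java 16 or later.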