Choosing no-code, Quality teams are not only involved but take the steering wheel in building their own eQMS. Starting with implementation, they lead the project and tailor the system to their needs and organizational requirements. But if a no-code platform enables self-service and opens the door for citizen developers, does that mean it’s also vulnerable? Today’s article answers this question and looks at a very important aspect: security.
To test our no-code application and ensure our customers of its security, AlisQI has recently run a penetration test. We are proud of the results of the test and have our Senior Back-End Engineer Sam Junedi talk about the project.
The fear of taking matters into their own hands
You hear a good deal about no-code advantages, including speedy deployment, lower costs, increased flexibility, as well as the fact that it requires limited IT resources. But despite these benefits, there are also multiple fears associated with implementing and maintaining a no-code QMS.
One of these fears is also one of the greatest benefits: no-code empowers quality teams to take the matters into their own hands. Still, some manufacturers worry that having accessible data and connecting to several data sources, might raise security issues. Common issues are cross site scripting (XSS), SQL Injections, Denial of Service attacks among many others.
Since the beginning, we at AlisQI kept a sharp eye on these vulnerabilities and provided preventive solutions by validating the data provided to our application as well as the data provided by our application. We also made a careful choice of our infrastructure to be aware and preventive of these vulnerabilities. Furthermore, we are regularly checking on the new security vulnerabilities that can come up due to technological advances.
To ensure our customers and prospects that they can be at ease with our no-code label, we elaborate on our most recent penetration test.
Why did we decide to perform a penetration test?
Sam: We decided to run this test to show that AlisQI is secure. Yes, AlisQI is a no-code platform that is easy to deploy, and implementation, as well as maintenance, can be done by non-developers. Still, our security is top-notch.
A penetration test is useful for detecting potential vulnerabilities. It consists of several tests and an in-depth analysis that assesses risks and their prioritization. The severity of each risk is calculated considering both the technical impact and the business impact. We used a specialized company to perform these tests, to ensure that we are not missing any security vulnerabilities and to best assess the security of our application.
What were the results?
Sam: We are very proud of the results. The test confirms that there are no risks of losing or leaking information or other possible vulnerabilities. The penetration test company ran two rounds of tests that lasted five days.
The first round of tests gave us great feedback about small enhancements that we can do to enhance the security of our application. We gladly implemented these recommendations. The second test showed us even more that our platform is as secure as we wish it to be.
This means that despite the flexibility and the DIY approach that our customers can enjoy with our no-code application, they don’t have any reasons to worry.
What do the results mean for AlisQI?
Sam: The team at AlisQI will perform these tests regularly. We’ll also add more useful features like Single Sign-On. This way, we ensure the best security, and that, in our case, no-code vulnerability is nothing but a myth.
Do you want to learn more about AlisQI, security measures, and procedures?