8. Secure deployment and infrastructure

OutSystems secures the deployment path end to end: traffic is encrypted with HTTPS, tenant workloads are isolated with Kubernetes namespaces and network policies, the platform talks to runtime environments only through a secure messaging channel, and infrastructure is provisioned from code rather than by hand. The whole service runs in certified AWS data centers, which provide the physical security layer.


Runtime security

OutSystems includes built-in protection against session fixation, where an attacker plants a known session identifier in a victim's browser and waits for the victim to authenticate with it. The platform issues a new session identifier on every login and validates the identifier on every request, so a session ID captured before authentication never becomes an authenticated session. Separately, session data is serialized and deserialized by a built-in JSON mechanism with anti-tampering protection, which guards against modification of stored session contents.

Tenant security

In ODC*, Kubernetes clusters are designed to be multi-tenant. To provide logical isolation between tenants, OutSystems uses Kubernetes namespaces, which partition the resources of a single cluster into isolated groups. Containers are further isolated by a network policy that restricts network access to containers outside their own namespace.

OutSystems hardens the container hosts as well. The nodes run a minimal, Linux-based open-source operating system that contains only the software needed to run containers, which shrinks the attack surface and the volume of patches to track. Node configuration is applied automatically and consistently whenever nodes are upgraded or replaced, which reduces maintenance overhead and removes a source of configuration drift.

Access to the applications running in a tenant is also controlled by the platform's built-in identity service, which handles user authentication and authorization for those applications.

Container security* (ODC)

For additional security and isolation, the platform component cannot connect directly to any of the runtimes through the Kubernetes API, nor can the deployed applications access the runtime database. Instead, OutSystems uses secure messaging between the platform and the runtime environments for operations such as deploying applications, changing site properties, updating a database, and retrieving data.

Infrastructure as Code

OutSystems is built with infrastructure as code (IaC): environments are defined in source files and created by automated procedures rather than by manual steps that can introduce errors. Because the definition is plain text under version control, the IaC source files can be scanned before deployment to uncover misconfigurations or policy violations that would affect security and compliance.
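To make the scanning step concrete, here is an added example (not OutSystems' own infrastructure code, and the names, image and namespace are placeholders): a Kubernetes Pod definition with settings that a policy scanner such as Checkov or kube-linter flags, followed by the corrected version. It generalizes the paragraph's point to a whole pod security context rather than a single setting.

```yaml
# Added example, not OutSystems IaC. Names, image and namespace are placeholders.
# Version 1: what a scanner flags.
apiVersion: v1
kind: Pod
metadata:
  name: app-insecure
  namespace: tenant-a
spec:
  containers:
    - name: app
      image: registry.example.com/app:latest   # mutable tag: the deployed code can change silently
      securityContext:
        privileged: true                        # container gets host-level access
        runAsUser: 0                            # runs as root
      # no resources block: one pod can starve every other tenant on the node
---
# Version 2: the same workload with the findings fixed.
apiVersion: v1
kind: Pod
metadata:
  name: app-hardened
  namespace: tenant-a
spec:
  automountServiceAccountToken: false           # no API token in the pod unless it is needed
  securityContext:
    runAsNonRoot: true                          # kubelet refuses to start a root container
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault                      # runtime's default syscall filter
  containers:
    - name: app
      image: registry.example.com/app:1.4.2     # immutable tag (a sha256 digest is stricter)
      securityContext:
        privileged: false
        allowPrivilegeEscalation: false         # blocks setuid binaries from gaining privileges
        readOnlyRootFilesystem: true            # tampering with the image at runtime fails
        capabilities:
          drop: ["ALL"]                         # add back only the capabilities the app proves it needs
      resources:
        requests:
          cpu: 250m
          memory: 256Mi
        limits:
          cpu: "1"
          memory: 512Mi
```

The value of doing this in the IaC source rather than on the live cluster is that the scan runs in the pipeline, before anything is deployed, and the fix is a reviewed commit; admission-time enforcement (for example with Kyverno or Pod Security Admission) is a complementary second check, not a replacement for scanning the source.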

Physical security and data center protection

OutSystems is currently hosted in secure, certified AWS data centers. These data centers apply multiple layers of operational and physical security to protect the safety and integrity of data, including intrusion detection, distributed denial-of-service (DDoS) mitigation services, and recurring risk assessments to confirm compliance with industry standards. The data centers are managed and supported 24/7, 365 days a year.


* Additional details on platform versions and deployment options (ODC, O11, O11 Cloud) are available in the Architecture section of the Evaluation Guide.