Driven by the cost savings, increased accuracy, enhanced audit trails and greater efficiencies that they deliver, Purchase-to-pay (P2P) solutions are an essential component of organizations’ finance and procurement departments. However, for all the benefits P2P solutions deliver, and with those solutions increasingly being delivered via the cloud, it’s critical that security is not neglected.
This is particularly challenging when it comes to the web applications that are the cornerstones of cloud services. Not only must the application be secure, but security must be considered at every level of the service, including the network and host. Therefore, it’s critical to analyze the web application’s architecture and design to identify potentially vulnerable areas that may allow a user, either intentionally or accidentally, or an attacker with malicious intent, to compromise the system’s security.
However, it is not possible to design and build a truly secure web application unless you know the potential threats. So how do you identify and define what the threats and vulnerabilities are?
One popular option is to utilize the Open Web Application Security Project (OWASP), a non-profit, global, crowdsourced organization founded in 2001 that is not affiliated with any technology company and now maintains 100 local chapters with thousands of members. Its leadership is completely voluntary and makes decisions about technical direction, project priorities, schedule, and releases. OWASP also collects corporate and individual membership subscriptions and conference fees to award grants each year to promising AppSec research projects.
As such, OWASP is in a unique position to provide impartial, practical information about web application security to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public.
Amongst its widely available projects is the OWASP Top 10 project, a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world, all of whom shared their expertise to produce this list, which is used globally as a guideline for both developing secure applications and testing application security on a continual basis.
Delivering P2P securely
As Palette continues to offer its solution via the cloud, one of our most important objectives is to deliver a product and a service that is safe and secure. As such, security is an important aspect in every step, from the design of new functionality right through to implementation.
All members of the Palette technical team are educated in methods for secure web development, with a focus on the OWASP Top 10 most critical web application security risks, to avoid weaknesses in design and the implementation errors that can lead to unexpected, undesirable outcomes. Furthermore, both the platform and applications undergo security tests by external experts to provide as secure a solution as possible.
And the end result is that you can enjoy all the benefits of P2P, delivered from the cloud, safe in the knowledge that the solution is robustly secure.