This video explains how RPA security is built into every aspect of the Automation Anywhere platform through what the company calls its Bot Security Program. The pillars of that program are the following:
- Multi-tiered evidence-based validation
- Developer security training for everyone
- Security best practices for development
- Bot Security Guild for developers
In total, there are 4 progressive levels of security designation, which were worked out in partnership with cybersecurity experts. The first two levels are:
Level 1: Malware Scan
– Automation Anywhere scans the bot package for malware to ensure that the package is secure.
– Every bot on Bot Store has a Level 1 certification, at a minimum.
Level 2: Self-Attestation & Developer Training
– Includes Level 1 security certification requirements.
– Bot developers must complete the Secure Bot Developer learning path.
  - The learning path has three components: Secure Bot Design, Secure Bot Development, and Secure Bot Deployment.
  - Each component includes a test which developers must pass.
  - Bot Store reserves the right to verify training and successful testing.
  - Bot Store also reserves the right to perform a cybersecurity assessment in order to validate that a bot employs development best practices.
– Bot developers must self-attest that their bot was developed with software security controls and best practices in place.
– Self-attestation of best practices is designed to secure against the OWASP Top 10 and CVE Top 25 threats. Self-attestation establishes that:
  - Authentication and authorization patterns are secure and well documented.
  - Dependent libraries are disclosed and scanned.
  - Cryptographic capabilities obey industry standards.
  - Network access of all types is conducted via secure channels.
  - All resource access is well documented and the least privilege principle is applied.
  - Sensitive information and credentials are stored in the Credentials Vault.
  - Exception handling does not compromise privileged information.
To get information about the next two levels, proceed to this page.