
Automation Anywhere Bot Security Program

by sol-admin

This video explains how RPA security is ingrained within every aspect of the Automation Anywhere platform. Automation Anywhere calls this its Bot Security Program. The pillars of that program are the following:

  • Multi-tiered evidence-based validation
  • Developer security training for everyone
  • Security best practices for development
  • Bot Security Guild for developers

In total, there are 4 progressive levels of security designation which were worked out in partnership with cybersecurity experts. Let’s take a look at the first two levels:

Level 1: Malware Scan
– Automation Anywhere scans the bot package for malware to ensure that the package is secure.
– Every bot on Bot Store has a Level 1 certification, at a minimum.

Level 2: Self-Attestation & Developer Training
– Includes Level 1 security certification requirements.

– Bot developers must complete the Secure Bot Developer learning path.

  • The learning path has three components: Secure Bot Design, Secure Bot Development, and Secure Bot Deployment.
  • Each component includes a test which developers must pass.
  • Bot Store reserves the right to verify training and successful testing.
  • Bot Store also reserves the right to perform a cybersecurity assessment in order to validate that a bot employs development best practices.

– Bot developers must self-attest that their bot was developed with software security controls and best practices in place.

Self-attestation of best practices is designed to secure against the OWASP Top 10 and CVE Top 25 threats. Self-attestation establishes that:

  • Authentication and authorization patterns are secure and well documented.
  • Dependent libraries are disclosed and scanned.
  • Cryptographic capabilities obey industry standards.
  • Network access of all types is conducted via secure channels.
  • All resource access is well documented and the least privilege principle is applied.
  • Sensitive information and credentials are stored in the Credentials Vault.
  • Exception handling does not compromise privileged information.

To get information about the next two levels, proceed to this page.