Security Training – At least annually, engineers participate in secure code training. This training covers OWASP Top 10 security flaws, common attack vectors, and WorkMax security controls.
Quality Assurance – Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Separate Environments – Testing and staging environments are separated physically and logically from the production environment. No actual customer data is used in the development or test environments.
Dynamic Vulnerability Scanning – We employ a number of third-party, qualified security tools to continuously scan our application. WorkMax is scanned frequently against the OWASP Top 10 security flaws. Our in-house product security team tests and works with the engineers to remediate any discovered issues.
Static Code Analysis – Our source code repositories, for both our platform and mobile applications, are continuously scanned for security issues.
Security Penetration Testing – WorkMax employs in-house and third-party security experts to perform granular penetration tests.