Mendix security analysis
Omnext specializes in analyzing and evaluating the technical quality of your Mendix applications. Gain instant insight in the technical quality, maintainability, module dependencies and much more in a fully automated way.
Unlike traditional quality analysis tools, Omnext is tailored to analyzing Mendix applications, and thanks to our partnership with The S-Unit, our platform offers a full Static Application Security Test (SAST) for Mendix applications.
Check if your Mendix apps follow The S-Unit Top 10 security guidelines
Building applications with Mendix is fast, but is it secure as well? The simple answer is yes, but only if you make sure to follow the proper security best practices.
Everyone who has built an application with Mendix before knows that security can be quite complex. Setting access rules, ensuring proper use of third-party components, encryption: these are just a few of the topics you will come across when building secure Mendix applications.
To help keep your Mendix apps safe and secure, our partner The S-Unit has developed The S-Unit Top 10 (TSU Top 10): a list of 10 security guidelines every Mendix application should adhere to.
Incorrectly configured entity access rules frequently lead to data exposure and manipulation. Examples include insecure read access, insecure write access, missing or incorrect XPath constraints, and more.
Microflows are the heart of Mendix applications, but often also a source of vulnerabilities. Examples include insecure access rights, incorrect use of “Apply entity access,” and poor implementation of sensitive logic.
Published integrations often fail due to missing authentication, misconfigured access roles, or insecure import/export mapping. As a result, sensitive information may become accessible to unauthorized users.
Consuming integrations also introduces risks. Insecure URL structures, improperly formatted JSON/XML/SOAP payloads, and insufficient data validation can enable manipulation and misuse.
Many applications still run on outdated runtimes, old Java libraries, deprecated marketplace modules, or unsupported widgets. These components often contain known vulnerabilities that can be easily exploited.
Custom authentication is often implemented incorrectly. Examples include insecure microflows in published integrations, risky request handlers, or poorly implemented login handlers. A single mistake in this process can make the entire application vulnerable.
Custom Java code often unintentionally introduces risks. Examples include XPath injections in request handlers, direct object references in system/sudo contexts, or insecure use of XML parsers.
Client-side vulnerabilities are often underestimated. Examples include exposed sensitive constants, hard-coded passwords, or XSS (cross-site scripting) through HTML widgets.
Cloud configurations largely determine the security of an application. Common issues include missing or weak Content Security Policy (CSP) headers, reusing secrets across environments, and unintentionally exposing documentation handlers.
Do you want to know more? Get in touch!
Schedule your live demo or request our free Fact Sheet(s) right now.
Security Best Practices
Identify security vulnerabilities in a heartbeat
Developers do their utmost to build safe and secure applications, but in the end they are only human. In other words, security risks are sometimes introduced without anyone noticing.
Analysing your Mendix applications and measuring them against The S-Unit Top 10 and other Mendix security best practices helps you and your developers identify potential security risks before moving an application to production, by providing insight into these risks with each and every change.
Map and evaluate Access Rules across your apps
One of the most complex things in Mendix is managing Access Rules. Although it is relatively easy to set them, it can be quite hard to keep a full overview as your application grows and becomes more complex.
Omnext helps you visualize exactly which User and Module Roles have Create, Read, Update, Delete or Execute rights across entities, microflows and nanoflows. By aggregating this information in a ‘CRUDE Matrix style’ overview, it becomes a lot easier to identify misconfigurations before they become security liabilities.
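The aggregation described above, and the entity access rule issues from the TSU Top 10 list (insecure write access, missing XPath constraints), as an added illustration that is not Omnext's code: it builds a CRUDE matrix from a constructed, simplified set of user roles, module roles and access rules (not the real Mendix project format or SDK), then flags two misconfigurations a reviewer would look for.

```python
from collections import defaultdict, namedtuple

# Constructed, simplified view of Mendix security metadata; the real project
# format (.mpr) and the Mendix SDK are not modelled here.
EntityRule = namedtuple("EntityRule", "module_role entity rights xpath", defaults=("",))  # rights: C/R/U/D; xpath "" = unconstrained
MicroflowRule = namedtuple("MicroflowRule", "module_role microflow")  # module role may execute (E) the microflow

USER_ROLES = {  # user roles map to module roles, as in the Mendix security model
    "Administrator": {"Orders.Admin"},
    "Customer": {"Orders.User"},
    "Anonymous": {"Orders.Guest"},
}
ENTITY_RULES = [
    EntityRule("Orders.Admin", "Orders.Order", "CRUD"),
    EntityRule("Orders.User", "Orders.Order", "R", "[Orders.Order_Account = '[%CurrentUser%]']"),
    EntityRule("Orders.User", "Orders.Order", "CU"),   # no XPath: any customer can update any order
    EntityRule("Orders.Guest", "Orders.Order", "RU"),  # write access for an unauthenticated role
]
MICROFLOW_RULES = [
    MicroflowRule("Orders.Admin", "Orders.ACT_ExportOrders"),
    MicroflowRule("Orders.Guest", "Orders.ACT_ExportOrders"),
]

def crude_matrix(user_roles, entity_rules, microflow_rules):
    """Effective C/R/U/D/E rights per user role and per entity or microflow."""
    cells = defaultdict(lambda: defaultdict(set))
    for user_role, module_roles in user_roles.items():
        for r in entity_rules:
            if r.module_role in module_roles:
                cells[user_role][r.entity].update(r.rights)
        for m in microflow_rules:
            if m.module_role in module_roles:
                cells[user_role][m.microflow].add("E")
    return {u: {obj: "".join(c for c in "CRUDE" if c in s) for obj, s in cols.items()}
            for u, cols in cells.items()}

def findings(user_roles, entity_rules, microflow_rules,
             unauthenticated=("Anonymous",), trusted_module_roles=("Orders.Admin",)):
    """Flag writes reachable by unauthenticated roles and unconstrained (no XPath) U/D rules."""
    out = []
    matrix = crude_matrix(user_roles, entity_rules, microflow_rules)
    for u in unauthenticated:
        for obj, rights in matrix.get(u, {}).items():
            if set(rights) & set("CUD"):
                out.append(("unauthenticated-write", u, obj))
    for r in entity_rules:
        if set(r.rights) & set("UD") and not r.xpath and r.module_role not in trusted_module_roles:
            out.append(("unconstrained-write", r.module_role, r.entity))
    return out
```

The role names, the `Orders` module and the flagged patterns are assumptions made for this example; a real review would also treat the trusted-role list and the definition of "unauthenticated" as input.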
“Building applications at lightning speed using the Mendix platform is one thing, keeping them safe and secure is something else. Security can be quite complex and having a proper monitoring and evaluation tool at your disposal can make all the difference.”
Bryan de Vries - Head of Product Omnext
Gain insight in the Open Source risks in your Mendix apps
Practically every Mendix application makes use of so-called open source components. This is usually a smart thing to do, but you should also be aware of the risks. Are you using the latest available version of a component? Does the component have a ‘risky’ license, such as the GPL, which may have consequences for your intellectual property? Do the components you use contain any known security vulnerabilities?
These are all questions that can be answered within seconds using the Omnext Software Quality Analysis platform (SQA) for Mendix applications.
Determine organization wide quality guidelines and policies
Being in control over the technical quality of your Mendix apps starts with determining policies: What are the guidelines development teams should adhere to? The Omnext SQA platform allows you to determine your own Best Practice Rule Sets, priorities and thresholds. You determine what is important for your organization.
Get in touch or schedule your live demo
If you wish to receive more information, talk to one of our Consultants in person or schedule a live demo of one of our solutions, please do not hesitate to get in touch with us at any time! One of our colleagues will get back to you as soon as possible.