Issue link: https://pros.com/learn/i/1021238
www.pros.com 9 The PROS Platform: Secure Cloud Solutions You Can Rely On PROS development teams use Secure Development Lifecycle (SDLC) processes and perform rigorous testing to ensure security. Here's a snapshot of what they do: • Base PROS SDLC on OWASP industry best practices and tailor to the Agile methodology • Perform Threat Modelling to identify and model security threats • Complete Static Analysis Security Testing at the code level to identify vulnerabilities early • Execute Dynamic Analysis Security Testing at the Web App level to identify vulnerabilities • Conduct Final Security Review of all security activities performed on the application prior to release • Run regular Vulnerability Scanning and manual Penetration Testing within the PROS solution State-of-the-Art Security Infrastructure Our network security infrastructure is cutting edge. We use firewall and Intrusion Prevention System technologies to analyze network traffic and guard against attacks. For host security, we deploy an advanced anti-malware solution that uses a pure machine learning approach to determine malicious activity. The solution can detect threats without relying on signature-based technology and techniques. A sophisticated host-based incident response tool hunts and captures threat activity in almost real time in conjunction with a powerful tool that can model and track the introduction of known good changes in systems and protect from non- trusted changes. User Authentication The PROS solutions require an Identity Provider (IdP) for user account management. PROS can integrate with Corporate Identity and Access Management tools using industry-standard protocols, with support for: • Azure Active Directory and OpenID Connect • Active Directory Federation Services (ADFS) • Salesforce, Okta, OneLogin, PingFederate, and other providers A customer provided IdP is required for all PROS B2B solutions. Data Encryption All data at rest is encrypted with an AES 256bit cipher. Data in motion is sent over HTTPS and TLS 1.2 and encrypted with an AES 256bit cipher, unless otherwise specified by the customer. PROS Applications: Designed Securely from the Start