{"id":9429,"date":"2025-10-21T09:26:54","date_gmt":"2025-10-21T07:26:54","guid":{"rendered":"https:\/\/the-s-unit.nl\/?page_id=9429"},"modified":"2025-10-21T09:26:55","modified_gmt":"2025-10-21T07:26:55","slug":"tsu-03-insecure-microflows","status":"publish","type":"page","link":"https:\/\/the-s-unit.nl\/en\/tsu-03-insecure-microflows\/","title":{"rendered":"TSU-03: Insecure Microflows"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

The S-Unit Top 10<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"TSu-03:\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

TSU-03: Insecure Microflows<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TSU-03 focuses on the insecure configuration or implementation of microflows <\/strong>, a crucial part of Mendix security. By designing microflows carefully, managing authorizations strictly, and consistently building in validations, you prevent sensitive logic or data from being unintentionally exposed.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Incorrect microflow settings can undermine security.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Microflows form the core of backend validations and sensitive functions within a Mendix app. They often run with elevated privileges and frequently process user input.<\/p>

By default, Mendix blocks access to microflows. Developers decide which module roles are allowed to execute them. An overly broad configuration or insufficient validation can lead to unauthorized access, data manipulation, or even circumvention of security mechanisms.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Reduce risks by designing your microflows smartly and securely.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

To prevent TSU-03 vulnerabilities, consider for each microflow who is allowed to call it and what validations are required. Follow these best practices.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tUse a clear naming convention that shows whether a microflow can be called from the UI and by which module roles.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tIdentify actions within the microflow that end users normally cannot perform (for example, backend-only operations) and mark these as sensitive.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tIf the microflow doesn\u2019t perform sensitive actions, convert it to a nanoflow.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tTrack all user-provided data in the microflow: including parameters, writable attributes, and retrieved entities and treat them as input that must be validated.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tEnsure that user-exposed microflows perform authorization and input validation before executing sensitive actions.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDo not assume that only the \u201cCommit\u201d action saves data. Any attribute change may be stored, with or without an explicit commit. Apply the same security checks in both cases.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t
    <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAvoid \u201cvalidate-then-commit\u201d microflows that rely solely on client-side validation. These can be bypassed. Add a backend-only step the user cannot perform, such as:<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t
      \n\t\t\t\t\n\t\t\t\t\t\t\t
    • \n\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t\t
      <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tChanging a read-only attribute after validation (e.g., Status = Approved), combined with a status-based XPath constraint.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
    • \n\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t\t
      <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tCreating a read-only persistent object after validating user input.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t
        \n\t\t\t\t\n\t\t\t\t\t\t\t
      • \n\t\t\t\t\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t\t\t
        <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAssume that all entities created or modified in a microflow can be exposed to the user, including non-persistent entities and uncommitted changes.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t
          \n\t\t\t\t\n\t\t\t\t\t\t\t
        • \n\t\t\t\t\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t\t\t
          <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDelete temporary objects once they\u2019re no longer needed, especially in sub-microflows.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
          \n\t\t\t\t\t\t
          \n\t\t\t\t\t
          \n\t\t\t
          \n\t\t\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t

          Vulnerabilities within TSU-03<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t

          The following vulnerabilities are common in insecurely configured microflows and illustrate where things often go wrong in practice.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tMissing authorization checks in delete microflows: users can remove records without proper rights.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tMissing authorization in data submission microflows: unauthorized data can be added or altered.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNo validation of object parameters: invalid or unauthorized objects may be processed.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNo validation of non-object parameters (such as strings or integers): increases the risk of injection or logic manipulation.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNo validation after database retrieval: untrusted data might flow into critical processes.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tValidation only in nanoflows: without matching backend checks, these can be easily bypassed.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tData validation bypass through uncommitted changes: users may view or alter data before it\u2019s validated.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tExposure of sensitive data via temporary non-persistent entities: confidential information may become visible.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSecurity bypass via direct access to sub-microflows: unprotected subflows can be called directly.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t
          • \n\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t\t
            <\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t\t <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSecurity bypass via direct access to administrative microflows : grants backend control to unauthorized users.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t

            Integrate The S-Unit Top 10 into your CI\/CD pipeline.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t

            Want to know how your Mendix application scores on The S-Unit Top 10?\nIn collaboration with Omnext, we\u2019ve developed a Mendix-specific SAST solution that continuously and automatically scans for vulnerabilities. By integrating The S-Unit Top 10 into the CI\/CD pipeline, risks are detected early and made immediately visible.\nFor questions, feel free to contact us.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

            The S-Unit Top 10 TSU-03: Insecure Microflows TSU-03 draait om onveilige configuratie of implementatie van microflows, een cruciaal onderdeel van Mendix-beveiliging.Door microflows zorgvuldig te ontwerpen, autorisaties strikt te beheren en validaties structureel in te bouwen, voorkom je dat gevoelige logica of data onbedoeld wordt blootgesteld. Onjuiste microflow-instellingen kunnen beveiliging ondermijnen Microflows vormen de kern van […]<\/p>\n","protected":false},"author":17,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-9429","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/comments?post=9429"}],"version-history":[{"count":13,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9429\/revisions"}],"predecessor-version":[{"id":9477,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9429\/revisions\/9477"}],"wp:attachment":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media?parent=9429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}