Recommended Security Tools for 3rd Party Developers
Clio recommends a number of security tools and controls to our development partners as they build their 3rd-party integrations. Please find below a number of valuable resources that will help improve your security posture.
Minimum Viable Secure Product (MVSP)
An instructional guide which, if used for your application, will ensure minimum viable security. It is a brief guide, just 4 sections with 24 total points, and it outlines everything a secure application needs to have put in place.
OWASP Top Ten
https://owasp.org/www-project-top-ten/
A list of the most dangerous web application vulnerabilities. It’s maintained by the Open Web Application Security Project, who collate available data to provide a look into the biggest threats in web security.
OWASP Cheat Sheet Series
https://cheatsheetseries.owasp.org
A comprehensive set of articles about common vulnerabilities, with each entry both explaining the attack as well as outlining how to defend against it, with easy to follow examples. There are dozens of cheat sheets on any important topic in application security, including guides for protecting yourself against the aforementioned OWASP Top Ten.
They even provide articles which define these vulnerabilities, provide a set of instructions on how to defend against them, and even show easy-to-follow examples.
Clio Single Sign-On
Clio Single Sign On will allow you to simplify your authentication process, make accessing your application much easier for your clients, and even improve your security, as you are replacing the need for your users to generate their own passwords for your app.
Dependabot
Dependabot is an automatic dependency updater that works with github. It scans through the dependency management files you have in your application’s GitHub repository, checks the dependency version for any active security vulnerabilities, either reported to the CVE database or elsewhere, and automatically opens up pull requests to update these dependencies to a safe version.
Security Linting Tools
Open-source tools that can scan your code and pull requests to search for unsafe coding patterns.
Ruby - RuboCop
Python - Bandit
https://bandit.readthedocs.io/en/latest/