We are pleased to announce that Gozynta Mobius is now listed in Intuit's QuickBooks App Store. Applications listed are required to meet numerous requirements including clearing an annual security review process. Mobius is the first and only ConnectWise integration to have successfully completed this review and be listed in the store.
The annual security review includes a security assessment comprised of a deep automated scan and manual testing. Manual testing includes validating all issues found in the automated scan and checking for other problems, such as authentication and authorization. The report's Risk Assessment Methodology assigns a Severity based on the combination of Likelihood and Impact scores using a 5-point scale from Minimal to Critical.
We received our final report in March, which found no Critical or High Severity findings. In addition to the security assessment, Intuit made additional inquiries around scripting and injection attacks, key storage, and TLS/SSL configurations.
In our May release of Mobius, we updated our account password policy to enforce more stringent requirements, including the zxcvbn complexity checker. User account passwords are now required to meet greater complexity and uniqueness constraints, making it harder for attackers to obtain access to your Mobius account.
In our July release of Mobius, we integrated a new session management module and implemented additional HTTP Security Headers. These changes help to further mitigate the risk of intricate cross-site scripting and session attack vectors.
The web is a dangerous place, and keeping on top of the latest recommendation and best practices is an ongoing effort. In addition to completing and maintaining compliance with Intuit's Annual Security Review, we utilize OWASP recommended tools as part of our Secure Development Lifecycle. For example, every build in our pipeline is analyzed using GitLab's Static Application Security Testing suite.