Gozynta Mobius is listed in the Intuit QuickBooks App Store after passing an exhaustive review process. Mobius is the only ConnectWise Manage integration for QuickBooks currently available in the app store.
We are pleased to announce that Gozynta Mobius is now listed in Intuit's QuickBooks App Store. Applications listed are required to meet numerous requirements to including clearing an annual security review process. Mobius is the first and only ConnectWise integration to have successfully completed this review and be listed in the store.
The annual security review includes a security assessment comprised of a deep automated scan and manual testing. Manual testing includes validation of all issues found in the automated scan and checks for other problems, such as authentication and authorization. The report's Risk Assessment Methodology assigns a Severity based on the combination of Likelihood and Impact scores using a 5-point scale from Minimal to Critical.
In March we received our final report, which found no Critical or High Severity findings. In addition to the security assessment, Intuit made additional inquiries around scripting and injection attacks, key storage and TLS/SSL configurations.
In our May release of Mobius, we updated our account password policy to enforce more stringent requirements, including the zxcvbn complexity checker. User account passwords are now required to meet a greater level of complexity and uniqueness constraints making it harder for attackers to obtain access to your Mobius account.
In our July release of Mobius, we integrated a new session management module and implemented additional HTTP Security Headers. These changes help to further mitigate the risk of intricate cross-site scripting and session attack vectors.
The web is a dangerous place, and keeping on top of the latest recommendations and best practices is an on-going effort. In addition to completing and maintaining compliance with Intuit's Annual Security Review, we utilize several OWASP recommended tools as part of our Secure Development Lifecycle. For example, every build in our pipeline is analyzed using GitLab's Static Application Security Testing suite.