Developer Security Guidelines

All new apps begin in Test mode. You can promote an app to Live mode from the Developer Dashboard; the one exception is the Demo App, which remains in Test mode permanently.

Live App Security Requirements

To go live, your application must meet the following CustomBooks security standards.

1. Developer Account Approval Prerequisites

Before submitting your app for approval, ensure the following are resolved:

  • Phishing prevention mechanisms are in place (for example, no open redirects that would let an attacker bounce users through your domain to a look-alike login page).

  • Cross-Site Request Forgery (CSRF) protections are implemented on every state-changing request (anti-CSRF tokens, or the equivalent protection built into your framework).

  • Cross-Site Scripting (XSS) is mitigated with the context-aware output encoding provided by your framework or templating library, not with hand-written filters.

  • SQL Injection protections are implemented: every database query uses parameterized statements (prepared statements, or an ORM that produces them). “Filter Input, Escape Output” input validation and output encoding are defense in depth, not a substitute for parameterization.

Additionally:

  • Ensure all OS and application framework patches are up to date at submission. You must also commit to applying new patches within a commercially reasonable timeframe.

  • Your external web servers must support TLS 1.2 or higher; TLS 1.0 and 1.1 are deprecated (RFC 8996) and should be disabled. TLS 1.2 with AES-256-GCM and SHA-256, or TLS 1.3 where your stack supports it, is recommended. HTTPS must be enforced for all application traffic (redirect plain HTTP and send an HSTS header).

  • Implement secure authentication, session management, and access controls.
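
The SQL Injection and “Filter Input, Escape Output” items above, as an added example that is not CustomBooks code: the vulnerable string-built query sits beside its parameterized replacement, with an allow-list input filter and HTML output escaping. The table, rows and email pattern are constructed sample data; adapt the allow-list to your own fields.

```python
"""Added example (not CustomBooks code): parameterized queries beside the
vulnerable pattern they replace, with input filtering and output escaping.
The database and rows are constructed sample data in an in-memory SQLite."""
import html
import re
import sqlite3
from typing import List

# Assumption: a simple allow-list for the email field; tighten to your own data rules.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def make_db() -> sqlite3.Connection:
    """Create the constructed sample table used by the functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob <Sales>")],
    )
    conn.commit()
    return conn


def names_by_email_vulnerable(conn: sqlite3.Connection, email: str) -> List[str]:
    """VULNERABLE: the caller's string becomes part of the SQL text.
    Input `' OR '1'='1` turns the WHERE clause into a tautology and dumps every row."""
    sql = f"SELECT name FROM customers WHERE email = '{email}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def names_by_email_safe(conn: sqlite3.Connection, email: str) -> List[str]:
    """Parameterized: the value travels to the engine separately from the statement,
    so no quoting trick can change what the query does."""
    rows = conn.execute(
        "SELECT name FROM customers WHERE email = ? ORDER BY id", (email,)
    )
    return [row[0] for row in rows]


def filter_email(email: str) -> str:
    """'Filter Input': reject anything outside the allow-list before it reaches the query.
    This is defense in depth; the parameterized query above is the actual SQLi control."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    return email


def render_name(name: str) -> str:
    """'Escape Output': encode for the HTML element context it is inserted into."""
    return f'<span class="customer">{html.escape(name, quote=True)}</span>'


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"
    print("vulnerable:", names_by_email_vulnerable(db, attack))  # every customer
    print("parameterized:", names_by_email_safe(db, attack))  # []
    print(render_name(names_by_email_safe(db, "bob@example.com")[0]))
```

Run against the same attack string, the string-built query returns every customer while the parameterized one returns nothing, because the engine receives `' OR '1'='1` as a value to compare rather than as SQL. The allow-list filter would have rejected that input earlier, but a filter is easy to get wrong for richer fields (names, notes), which is why parameterization is the requirement and filtering is the extra layer.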

2. During Application Development & Testing

  • Set the Secure and HttpOnly flags on all cookies, and a SameSite attribute where your flow allows it.

  • Use third-party libraries only from trusted and verifiable sources.

  • Avoid exposing detailed error messages, stack traces, or logs to users. If you must share crash data, sanitize all private or sensitive information.

  • Implement event logging for auditing and troubleshooting (authentication events, authorization failures, administrative actions), without writing tokens, credentials or other secrets into the logs.

  • Protect the OAuth flow against CSRF by passing a unique, unguessable state parameter with each authorization request, binding it to the user’s session, and rejecting any callback whose state does not match the stored value. The state must not carry sensitive data.
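
The state parameter and cookie-flag items above, as an added example that is not CustomBooks code: a state that is random, bound to the server-side session, single-use and time-limited, checked with a constant-time comparison on the callback, plus a Set-Cookie header with the required flags. The session is modelled as a dict, the endpoint, client id, redirect URI, scope and 10-minute TTL are placeholders, and the authorization code in the demo is a made-up value.

```python
"""Added example (not CustomBooks code): an OAuth 2.0 `state` parameter that is
random, session-bound, single-use and time-limited, plus cookie flags.
The session is modelled as a dict; endpoint and client values are placeholders."""
import hmac
import secrets
import time
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_TTL_SECONDS = 600  # assumption: a login round-trip should complete within 10 minutes


def begin_authorization(session: dict, authorize_endpoint: str, client_id: str,
                        redirect_uri: str, scope: str,
                        now: Optional[float] = None) -> str:
    """Store a fresh state in the caller's server-side session and return the redirect URL.

    The state carries no data of its own: it is 256 random bits whose only meaning is the
    session entry it points back to, so it exposes nothing if it shows up in a log."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = {
        "value": state,
        "issued_at": time.time() if now is None else now,
    }
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def finish_authorization(session: dict, callback_url: str,
                         now: Optional[float] = None) -> str:
    """Check the callback's state against the session and return the authorization code.

    Raises ValueError on any mismatch. The stored state is consumed on the first attempt,
    good or bad, so a forged callback cannot be retried against the same value."""
    pending = session.pop("oauth_state", None)
    if pending is None:
        raise ValueError("no authorization in progress for this session")
    now = time.time() if now is None else now
    if now - pending["issued_at"] > STATE_TTL_SECONDS:
        raise ValueError("state expired")
    query = parse_qs(urlsplit(callback_url).query)
    received = query.get("state", [""])[0]
    # Constant-time comparison; a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(received.encode(), pending["value"].encode()):
        raise ValueError("state mismatch: possible CSRF or a callback for another session")
    if "error" in query:
        raise ValueError(f"authorization server returned error={query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def session_cookie_header(name: str, value: str) -> str:
    """Render a Set-Cookie header value with Secure, HttpOnly and SameSite=Lax set."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Lax"
    cookie[name]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    sess = {}
    url = begin_authorization(sess, "https://auth.example.test/authorize", "my-client-id",
                              "https://app.example.test/oauth/callback", "accounting.read")
    print("redirect user to:", url)
    # Constructed callback: the code value is made up for the demo.
    cb = (f"https://app.example.test/oauth/callback?code=SplxlOBeZQQYbYS6WxSbIA"
          f"&state={sess['oauth_state']['value']}")
    print("code:", finish_authorization(sess, cb))
    print(session_cookie_header("sid", secrets.token_urlsafe(32)))
```

Binding the state to the session is what makes the check meaningful: a callback forged by an attacker carries either no state or a state from the attacker’s own session, and fails the comparison. Consuming the stored value on the first attempt also stops an attacker from probing the callback endpoint repeatedly. The state defends the callback only; where the authorization server supports PKCE (RFC 7636), add a code verifier as well.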

3. Post Application Go Live

  • Your app must not store, share, or export CustomBooks data beyond what is functionally required.

  • Tokens, OAuth credentials, or customer data must not be shared with any third party without CustomBooks’s written consent.

  • Comply with all API rate limits as defined by CustomBooks.

4. Application testing by CustomBooks

We reserve the right to test your application via:

  • Manual architecture reviews.

  • Feature-based Q&A sessions.

  • Automated security scanning of your web app and network.

  • Manual penetration testing for known vulnerabilities.
