To find security vulnerabilities

Hi Experts, I wanted to know whether there is any tool specific to Mendix code for finding security vulnerabilities?
3 answers

There are two code scanning tools that point you to security misconfigurations in your model (Omnext, by Omnext and ACR by Mansystems – both are paid solutions). These are currently the only two tools that point to specific flaws in your code.

Other security vulnerabilities can be found by generic tools for scanning web applications. I've encountered Outpost24 and Rapid7 for generic scanning of applications, but many more tools exist. These tools detect vulnerabilities like weak TLS versions, vulnerable JavaScript components and XSS.

For manual penetration testing, the only tool that pen testers from multiple vendors seem to use is Burp Suite. Automated scanning tools won't find all problems in your app, so it's useful to have a professional test your application.

Finally, if you want to check your entity access settings, you can use the Security Inspector widget from the App Store.


To add to Rom’s answer, you can find more details on ACR at the link.

ACR is a model analysis tool, which means it checks your model for vulnerabilities. There is another tool called AMS (also by Mansystems) which even checks your running application.

Both are paid solutions as Rom already pointed out.

Hope this helps.

Hi Harsh,

I’m currently working on an automated scanning tool that helps identify sensitive data exposure in Mendix applications.

Feel free to contact me on LinkedIn/Twitter (@xiwenc) if you’re interested in finding out more. It’s currently in private beta, hence there’s not much public information yet.