OUTSYSTEMS - REACTIVE WEB
SECURITY BEST PRACTICES EXAM
Two parts of a Reactive Web App - Correct Answers - Client-side and server-side
Exposing sensitive data on the client-side - Correct Answers - Client-side code can be manipulated by end-users, leading to unauthorized modifications
Client Variables storage and caution - Correct Answers - Stored in the browser's local storage; avoid storing sensitive data due to potential manipulation
Security measure for screens with different roles - Correct Answers - Creating separate screens for different roles to avoid mixing roles on a single screen, ensuring better security
Secure approach for user account interactions on Public screens - Correct Answers - Requesting a One-Time Authorization Code (OTAC) for flows such as creating an account or resetting a forgotten password
Identity validation and reset password options - Correct Answers - Options include a second device flow, a combined request, and using JSON Web Token (JWT) for encryption and secure data
Benefits of using JSON Web Token (JWT) - Correct Answers - Encrypts the session and sends only encrypted data, enhancing security
Warnings in TrueChange™ - Correct Answers - TrueChange™ provides warnings that guide users through the biggest mistakes and help improve Client Code Quality
Additional option for code analysis - Correct Answers - AI Mentor Studio offers several code analysis patterns, providing an extra option for improving application security
Caution about deploying test screens - Correct Answers - Do not deploy test screens to environments other than the development environment to avoid tampering with the database
Minimizing security risks with aggregates - Correct Answers - Update the platform or limit the data fetched from aggregates