Security hardening



When you have an application in a production environment, it is important to consider best practices that provide an adequate level of security.

Such best practices include the configuration recommendations issued by the vendor of the application. In addition to these, you should adopt best practices that suit your infrastructure setup and that apply to your whole company.


We recommend that you commit to and enforce compliance with the guidelines and procedures set by the policies and standards related to information security. This way, control, monitoring, auditing, and other aspects are included within the definition of what constitutes application security.


Bizagi deploys a Work portal for end-users to use, as a web application. Therefore, we recommend implementing the necessary measures for application hardening in every project, to mitigate certain risks and vulnerabilities from which web applications are not exempt.



Follow the detailed hardening procedures described in the links below. They are grouped as mandatory and recommended.


Mandatory Hardening

Configure the HTTPS protocol

Enable a secure TLS version

Configure a secure SSL/TLS cipher suite

Configure TLS for database

Authorization and authentication

Encrypting information using HTTPS

Filtering unauthorized requests

Define case security

Configure SQL Server Transparent Data Encryption (TDE)


Recommended Hardening

Include additional protection in Bizagi Web Services

Delete unused folders in the production environment

Rewrite values in server variables

Customize the user's preferences form

Database attribute encryption



For Bizagi, security is an aspect of critical importance.

Therefore, Bizagi periodically releases new versions which feature improvements and fixes for issues detected in previous versions.

Fixes for those detected issues may include specific solutions for security vulnerabilities.


We strongly recommend that you periodically upgrade your solution to Bizagi's newest releases, always following the usual guidelines for an upgrade procedure, such as:

Plan, coordinate and test appropriately all upgrades.

Rely on your different environments (development, testing, pre-production when applicable, and production).

Take proper contingency measures (e.g. backups) before starting the update.

Evaluate customizations or additional security configurations such as the ones listed above, so stakeholders are aware that it is part of the plan to reconfigure certain features after the upgrade.



When you have customizations or have applied hardening measures such as the ones above, follow one of two alternatives when carrying out a version upgrade:


1. If upgrading through the Bizagi Management Console, reconfigure and verify that such measures are still applied after the upgrade (we recommend backing up customizations before starting the upgrade).

An upgrade done through the Management Console will not check whether you have made modifications to the original files and file structure.


2. You may upgrade through a manual procedure, without using the Bizagi Management Console.

If you do, consider all the relevant components and files that you need to replace manually for the Work Portal and Scheduler, while avoiding overwriting your configured customizations or the already applied hardening measures.
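
Because neither upgrade path detects overwritten customizations for you, one way to verify them is to record file hashes of the hardened folder before the upgrade and compare them afterwards. The PowerShell script below is an added example, not Bizagi's own tooling; its parameter names and the baseline file name are assumptions, and -Root must point to your own Work Portal or Scheduler folder.

```powershell
# Added example: snapshot a hardened application folder before an upgrade
# and list what the upgrade added, removed or changed.
# -Root is a placeholder for your own installation folder (assumption).
param(
    [Parameter(Mandatory)] [ValidateSet('Baseline', 'Compare')] [string] $Mode,
    [Parameter(Mandatory)] [string] $Root,
    [string] $BaselineFile = '.\hardening-baseline.csv'
)

# Returns one object per file: path relative to the root, plus its SHA-256.
function Get-FolderSnapshot([string] $Path) {
    $full = (Resolve-Path -LiteralPath $Path).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $full -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($full.Length + 1)
            Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

if ($Mode -eq 'Baseline') {
    # Run this before the upgrade, with all hardening measures in place.
    Get-FolderSnapshot $Root | Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
    Write-Output "Baseline written to $BaselineFile"
    return
}

# Compare mode: run after the upgrade against the same folder.
$before = @{}
Import-Csv -LiteralPath $BaselineFile | ForEach-Object { $before[$_.RelativePath] = $_.Sha256 }
$after = @{}
Get-FolderSnapshot $Root | ForEach-Object { $after[$_.RelativePath] = $_.Sha256 }

$report = foreach ($path in (@($before.Keys) + @($after.Keys) | Sort-Object -Unique)) {
    if (-not $after.ContainsKey($path)) { $status = 'Removed' }
    elseif (-not $before.ContainsKey($path)) { $status = 'Added' }
    elseif ($before[$path] -ne $after[$path]) { $status = 'Changed' }
    else { continue }   # identical before and after: nothing to review
    [pscustomobject]@{ Status = $status; RelativePath = $path }
}
$report | Sort-Object Status, RelativePath | Format-Table -AutoSize
```

Files reported as Changed or Removed that carried a customization or hardening setting are the ones to reconfigure; Added files include folders the upgrade may have restored after you deleted them as unused.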


For highly critical security issues, Bizagi may issue hot fixes and recommend that you apply them without waiting for a newer version.


Considerations regarding the platform

Always review and apply recommendations issued by Microsoft, the vendor of the base platform on which Bizagi runs for .NET environments.

Consider bulletins and notifications about fixes and patches announced by Microsoft regarding your Windows OS or IIS.

Remember to carry out proper tests after applying fixes and patches to verify you are not affecting your Bizagi project.