RPA security is ingrained within every aspect of the Automation Anywhere platform, and is now extended to enhance trust in bots. With the application of our bot security framework, all bots, including those built in-house, built by partners, or procured from Bot Store, can now be deployed reliably with secure bot development practices in alignment with prevailing Confidentiality, Integrity, and Availability (CIA) cybersecurity principles and best practices.

Check out the Developer Portal for security-related topics and to discover new developer tools, tips, and training.

INTEGRATED SECURITY PRACTICES

Essential incorporation of best practices into every step of the development process.

MULTI-TIERED EVIDENCE-BASED CRITERIA

Evidence of security inclusion in bot development that suits the strictest requirements and is validated by external security experts.

BOT SECURITY GUILD

Exclusive events and thought leadership by a network of security experts, secure bot developers and RPA professionals.

SECURE DEVELOPER TRAINING

Curriculum and testing based on our deep industry knowledge of security best practices.

Why Bot Security?

  • Reduce risk of internally and externally developed bots.

  • Meet the most rigorous governance, trust, and compliance requirements.

  • Speed expansion of your RPA practice by passing InfoSec reviews more quickly.

Bot Security Levels

In partnership with cybersecurity experts, Bot Security encompasses four (4) progressive levels of security designation.

Level 1: Malware Scan

  • Automation Anywhere scans the bot package for malware to ensure that the package is secure.
  • Every bot on Bot Store has a Level 1 certification, at a minimum.

Level 2: Self-Attestation & Developer Training

  • Includes Level 1 security certification requirements.

  • Bot developers must complete the Secure Bot Developer learning path.

    • Our learning path has three components: Secure Bot Design, Secure Bot Development, and Secure Bot Deployment.

    • Each component includes a test which developers must pass.

    • Bot Store reserves the right to verify training and successful testing.

    • Bot Store also reserves the right to perform a cybersecurity assessment in order to validate that a bot employs development best practices.

  • Once developers have completed the learning path and passed the coursework exam, they will be invited to join our Bot Security Guild.

  • Bot developers must self-attest that their bot was developed with software security controls and best practices in place.

  • Self-attestation of best practices is designed to secure against the OWASP Top 10 and CVE Top 25 threats. Self-attestation establishes that:

    • Authentication and authorization patterns are secure and well documented.

    • Dependent libraries are disclosed and scanned.

    • Cryptographic capabilities obey industry standards.

    • Network access of all types is conducted via secure channels.

    • All resource access is well documented and the least privilege principle is applied.

    • Sensitive information and credentials are stored in the Credentials Vault.

    • Exception handling does not compromise privileged information.

Level 3: Threat Model and Static Analysis

  • Includes all of Level 2 security certification requirements.

  • Security partner provides a Level 3 report which contains the following information:

    • A completed Data Flow Diagram explaining the bot process and operation.

    • A Threat Model outlining top threats to bot processes and assets.

    • Bot Scan Results and Analysis Statements explaining mitigation strategies and compensating controls to prevent identified top threats.

    • Clean results of malware scan of bot binary.

    • Completed source code scan and proof of remediation of identified vulnerabilities.

    • Evidence of dependency and third-party library security.

Level 4: Penetration Test

  • Includes all of Level 3 security certification requirements.

  • Security partner provides a Level 4 report which contains the following information:

    • A detailed outline of the testing scope for the bot, in an environment consistent with how it would be deployed in real life.

    • A test plan with completed results as well as the completion of mandatory test cases.

    • Evidence of remediation or remediation plan for any identified issues.

Bot Security Guild

Reduce risk, speed development, and stay current with the latest security information through a network of security-minded RPA professionals.
The charter of the industry's first and only Bot Security Guild is to help organizations, system integrators, and security experts share security expertise, advance standards on bot application security, and share best practices across the RPA industry.

Member Benefits:

  • Gain a competitive advantage and broaden your knowledge around cybersecurity.
  • Access a private online forum where Guild members communicate, collaborate, and obtain member-only information.
  • Participate in our monthly meeting to share and learn through open discussions and security expert talks, and to advance security standards.
  • Expand your professional network.


Get Started

Take the courses in the Automation Anywhere Secure Bot Developer learning path.

Still have questions? See our Bot Security FAQs. To submit your bot for validation, please contact us at botsecurity@automationanywhere.com.



Business and IT can now rely on secure RPA development with the only security framework for bots.