Security Attacks in Appian

Are Appian applications vulnerable to SQL injection and cross-site scripting attacks? Yes/No, and why?

OriginalPostID-263116


  • Appian collaborates with a third party for penetration and vulnerability testing. Check this link: forum.appian.com/.../Appian_Cloud_FAQ.html
    Companies using Appian can still carry out penetration testing on their own, but they need to notify Appian if they are doing it in an Appian Cloud environment.
    Also, Appian uses SAIL: data submitted on SAIL forms is sent/received in encrypted format to some extent, and there are extensive checks that happen on the server side.
    Also, I think cross-site scripting is not likely, because Appian does not allow JavaScript/Ajax for creating the UI. Such attacks are more likely when the UI is developed in JS/Ajax.

    There is one place where JS/Ajax gets used: Embedded SAIL. However, that too is unlikely, because the admin needs to allow IP addresses/hosts for CORS in Appian's "Allowed CORS hosts" setting in the Admin Console.

    So, overall I think such attacks are very unlikely with Appian.
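The "Allowed CORS hosts" point in the answer above is only as strong as the origin comparison behind it. The following is an added illustration, not code from the post or from Appian, of how a server-side origin allow-list check for embedded content should behave: the Origin header is normalised to scheme://host[:port] and compared exactly, a naive prefix check is shown alongside to expose the bypass it permits, and the response only echoes an allowed origin (never "*" on a credentialed request). The hostnames in the allow-list and the function names are constructed for the example.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed allow-list of embedding origins (hypothetical hostnames for
# illustration; this is not Appian's configuration or code). Entries are
# normalised at load time so the comparison is exact and case-insensitive.
RAW_ALLOWED_ORIGINS = [
    "https://portal.example.com",
    "https://Intranet.example.com:8443",
]


def normalize_origin(origin: str) -> Optional[str]:
    """Reduce an Origin header value to scheme://host[:port].

    Returns None for anything that is not a plain web origin: the literal
    "null", a non-http(s) scheme, userinfo, a path, a query, or a bad port.
    """
    parts = urlsplit(origin.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username is not None or parts.query or parts.fragment:
        return None
    if parts.path not in ("", "/"):
        return None
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port is None or port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


ALLOWED_ORIGINS = {normalize_origin(o) for o in RAW_ALLOWED_ORIGINS}
ALLOWED_ORIGINS.discard(None)


def origin_allowed_strict(origin: str) -> bool:
    """Exact match of the normalised origin against the allow-list.

    Scheme and port are part of the match, so http:// or an unexpected
    port on an allowed host is rejected.
    """
    return normalize_origin(origin) in ALLOWED_ORIGINS


def origin_allowed_naive(origin: str) -> bool:
    """A common mistake: prefix matching on the raw header value.

    It accepts https://portal.example.com.attacker.net because that string
    starts with an allowed origin, handing the attacker's page the same
    access as the legitimate embedding site.
    """
    return any(origin.startswith(a) for a in RAW_ALLOWED_ORIGINS)


def cors_headers(origin: str) -> Dict[str, str]:
    """CORS response headers for a credentialed cross-origin request.

    An allowed origin is echoed back in its normalised form, which is the
    form browsers send; "*" is never used because browsers reject it when
    credentials are included. Vary: Origin keeps shared caches from serving
    one origin's response to another. A disallowed origin gets no CORS
    headers at all, so the browser blocks the embedding page's script from
    reading the response.
    """
    if not origin_allowed_strict(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": normalize_origin(origin),
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
```

Run `origin_allowed_strict` and `origin_allowed_naive` side by side on `https://portal.example.com.attacker.net` to see the difference: the strict check rejects it, the prefix check lets it through. The same exact-match discipline applies whatever product sits behind the allow-list.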