is there any documentation about app security like certification, conformance to owasp or other framework, sast/dast testing, app pentesting, etc?
The application is sending any kind of data outside business central tenant? If yes, which ones and where?
How long are you planning to maintain the application developement?
Do you grant updates about security issues?
If you are using the SharePoint connection, it is just using your own browser’s existing connection to SharePoint, so there is no security or certification testing from our app.
If you are not using SharePoint, then all attachments are stored inside Business Central.
DocXtender is just giving a drag & drop interface for attachments. The actual storage of those attachments is a base Microsoft Business Central or SharePoint function, so there would be no security updates or other development planned from our app.