We have a dedicated Security team comprising of Network, DevOps, Automation and Application Engineers, who constantly work on various aspects of User Access and Authorization, Code Reviews, third party white box, grey box, and pen testing. 

We also work with Bounty Security Researchers to responsibly discover, report and fix security issues jointly with our team. If you are one of the Security Researchers please write to us at cs@muvi.com

Our 6 Week Release cycle is associated with a Security Scan. These scans are run on our production mirrors and reports are published internally before the final Release.

Our scanning process involves inhouse and 3rd party Penetration, Vulnerability Scanning. Network security is ensured through controlled access and security groups along with Malware and Virus scanning by Clam AV. Static Application Security Testing (SAST) is done occasionally through Whitehat Security.

We have alert mechanisms to detect Brute attacks from abusive IPs and automatically ban them. Our repositories are privately hosted to ensure the access is prohibited from external networks, and as fallback we have breach alerts setup. XSRF alerts on validation failures are fired to act upon.

Besides this our Security and SRE team does a manual scan on the logs everyday to identify any malicious activity.

Our Engineers have limited access to the code and database through protocols of relevance and hierarchy. Our DevOps team has an approval process to grant permissions to the code and database. We have strong revoke policies that flush environment accesses periodically. 

Both CMS and End Users undergo 2 factor authentication to be able to access the application and disposable emails are filtered for registration.