Protection of your data is not our Priority. It's our Obsession. We understand the importance of data in Determining, Differentiating, and Defining Business Success. We strive religiously to keep your data safe and tamperproof with multiple layers of security measures.
We continuously invest significant time to patch the latest threats. Security for us is an ongoing process, which we work through diligently in our regular Sprint cycles. We appreciate feedback related to any security concerns you might have. If you have discovered a potential security issue, please open a support request. Our Security teams will activate the criticality and apply the required patches.
We have a dedicated Security team comprising Network, DevOps, Automation and Application Engineers, who constantly work on various aspects of User Access and Authorization, Code Reviews, and third-party white-box, grey-box, and pen testing.
We also work with Bounty Security Researchers to responsibly discover, report and fix security issues jointly with our team. If you are one of the Security Researchers, please write to us at firstname.lastname@example.org.
Our 6-week Release cycle is associated with a Security Scan. These scans are run on our production mirrors, and reports are published internally before the final Release.
Our scanning process involves in-house and third-party penetration testing and vulnerability scanning. Network security is ensured through controlled access and security groups, along with malware and virus scanning by ClamAV. Static Application Security Testing (SAST) is done occasionally through WhiteHat Security.
We have alert mechanisms to detect brute-force attacks from abusive IPs and automatically ban them. Our repositories are privately hosted to ensure that access from external networks is prohibited, and as a fallback we have breach alerts set up. XSRF validation failures fire alerts for us to act upon.
Besides this, our Security and SRE team manually scans the logs every day to identify any malicious activity.
Our Engineers have limited access to the code and database through protocols of relevance and hierarchy. Our DevOps team has an approval process to grant permissions to the code and database. We have strong revocation policies that flush environment access periodically.
Both CMS and End Users undergo two-factor authentication to access the application, and disposable email addresses are filtered out at registration.