All your information is secure in the platform, and significant efforts have been made to keep it safe. First and foremost, data is securely stored on AWS servers; AWS customers include Nasdaq, Netflix, Cleveland Clinic, Philips, Healthcare.gov and many more. Data in an offer or contract is visible only to you and the counter-party of the deal. We take an extremely proactive approach to securing our platform. We do this by implementing the following types of security tools and techniques:
- SSL/HTTPS : A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a Web server that allows for a secure connection between the server and a Web browser.
- JSON Web Token : A JSON Web Token (JWT) is a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
- API with HTTPS : For increased efficiency and flexibility, our back end and front end communicate via APIs that are called over HTTPS.
- White-listing IPs : Our platform supports IP whitelisting. A user who adds their IP address increases the security of their account and of access to their data. No one can access or log in to the account from a different IP address.
- Two-factor Authentication : We have integrated 2FA, where the user can request a One-Time Password (OTP) sent to their mobile phone, which is required in combination with the standard password.
- Automated Vulnerability Assessment : A leading security tool performs automated security tests and attacks on our web applications and databases, and scans assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfigurations. Over 150 handpicked ethical hackers contribute security findings that are built into our scanner as automated tests.
- Web Application Firewall & Runtime application self-protection: A Web Application Firewall allows live monitoring of traffic and threats with automatic assessment and blocking.
a) Protects applications from a wide range of vulnerabilities.
b) Protects applications from attackers trying to perform suspicious activities or abuse the app's business logic.
- Ethical hackers: Ethical hackers conducted an assessment of our platform to uncover vulnerabilities by exploiting them. Their recommendations have been implemented.
- Network Layer Security / DDoS Protection: Cloudflare dramatically improves website performance through its global CDN and web optimization features. Cloudflare’s WAF, DDoS protection, and SSL defend website owners and their visitors from all types of online threats.
- Content Disarm & Reconstruct : Content Disarm & Reconstruction (CDR) strips all active content from files in real time, creating a flat, sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies. CDR can fortify your zero-day file protection strategy by proactively removing any possibility of malicious content in your files.
- Google Invisible reCAPTCHA: Google Invisible reCAPTCHA is able to differentiate humans from bots without additional input from the website user, and it blocks bots attempting to use the website.