...
We regularly scan our code for potential security vulnerabilities, and we check all dependencies for vulnerability impact before committing changes to the release version. We use a number of tools for these scans, such as Codacy and http://Snyk.io, to monitor for potential security vulnerabilities and provide mitigation measures where necessary. We also regularly scan our code base to ensure best practices in writing code and to mitigate any known threats relating to the use of certain code structures.
Confidentiality
Our users should rest assured that there is no interaction with or storage of end-user data. Any information supplied to the app is processed immediately and discarded, and no end-user data is stored. Access to log data is restricted to the administrator of the app (a dedicated individual who monitors the integrity of the BulkOps App Pro), and all of that information is confidential.
Does not store end-user data
Does not store uploaded files → Files are only processed and discarded
Does not track users
We do log errors associated with the app without any end-user data for the improvement of the app
Testing
We run automated and user-based tests for every update and upgrade made to the app. We use tools such as Travis-ci to perform automated tests when updates are made. We check for vulnerabilities within dependencies to understand whether they impact the app in any way. If there are impacts, we provide mitigation steps to remedy the issue.
...
A daily backup of the database is made on privately encrypted servers. This database stores log data used in the audit log feature and other features of the app. It does not store any end-user data or any uploaded file data.
...
High | Medium | Low |
---|---|---|
Remote code execution | Broken authentication | Data exposure |
SQL injection | Cross-site scripting (XSS) | Unvalidated redirects |
Cross-site request forgery (CSRF) |
Tip |
---|
Reporting security issues
|