Encryption In Transit
- Screener’s web application and API endpoints force HTTPS using Transport Layer Security (TLS) so that all traffic is encrypted in transit.
- We support only strong cipher suites, and have enabled features such as HSTS and Perfect Forward Secrecy (PFS).
- Our implementation scores an “A+” rating on Qualys SSL Labs test.
- Screener’s database is encrypted at rest.
- All files generated by customer tests are encrypted at rest using industry standard AES encryption. Each file is encrypted with a unique key employing strong multi-factor encryption.
- Database backups are stored encrypted.
- We run automated vulnerability scans on our production hosts weekly, and perform remediations on findings that present a risk to our environment.
- Our team subscribes to security lists and are notified of new vulnerabilities.
- Security patches to our servers are updated regularly, usually several times per week.
- All of our services and data are hosted in the USA.
- All of Screener’s services run in the cloud. We do not run any physical servers.
- Our production services are hosted in AWS and Rackspace secure data centers. Screener builds on top of the physical security protection measures and environmental controls provided by these cloud providers. For more information on their security practices and compliance, please view AWS Security, and Rackspace Security.
- Screener servers are hosted in our own Virtual Private Cloud (VPC).
- We have network access control lists (ACL’s) that prevent unauthorized access to our internal network and resources.
- Our machines are behind firewalls, and all inbound traffic goes through load balancers. All public inbound ports are blocked on application servers.
- Our cloud infrastructure has built-in protections to mitigate against DDoS attacks.
- Screener supports sign-in using OAuth with multiple cloud identity providers, including: Google, GitHub and Microsoft. Customers can use these sign-in integrations to enable 2FA for an additional layer of security.
- When signing in directly to Screener using an email and password, Screener enforces password requirements of: minimum 8 characters, contains a number, lowercase, and uppercase character. Passwords are stored hashed and salted, with data encrypted at rest and in transit.
- Custom password policies cannot be set within the Screener application, but may be able to be set by your identity provider when using our OAuth sign-in options.
All credit card information provided for payment is processed directly by our third-party payment processor Stripe. We do not receive or store your credit card information on our systems. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. For more information on Stripe's security practices: https://stripe.com/docs/security/stripe
- Managing your own user accounts, teams and roles within Screener.
- Protecting your own login credentials.
- Complying with Screener’s Terms of Service and any applicable laws.
- Promptly notifying us if you suspect any activities that may negatively impact Screener’s security.
- You may not perform any security vulnerability assessments or penetration tests on Screener services without first providing advance written notice and getting our express written consent.