Frontitude is developed with security by design. Staying secure is one of our core values. Frontitude's development is led by senior engineers who were trained in, and have dealt with, the OWASP Top 10 security risks as part of their past work for public companies and military intelligence units.
Infrastructure
- We use AWS as our cloud services provider, hosting all of our servers, databases, and infrastructure. The data center is located in Ireland and is SOC 1, SOC 2, and ISO 27001 certified, with 24/7 operations and enterprise-grade security.
- Our application infrastructure is based on AWS managed services. AWS is responsible for patching the systems that support the delivery of our services. Learn more about the AWS shared responsibility model. On our end, we regularly check for updates and keep versions up to date.
- We use the industry-standard AES-256 encryption algorithm to encrypt your data in our database and static file buckets.
- Firewalls are used to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly allowed IPs, ports, and protocols are permitted, based on business requirements. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function.
- You can read more about AWS security at: https://aws.amazon.com/security/
Application security
- SQL-injection protection is implemented in our DB access layer module.
- Authentication to our system is done via Google Sign-In or Microsoft Azure, using the OAuth 2.0 protocol.
- Authorization is done using session-based authentication, over a secured connection (see Network Security).
Passwords and access tokens
- We don’t keep passwords in our DB.
- We don’t keep any user access tokens in our DB.
- Credentials that our servers use to reach other services are not stored in code; they are kept only in AWS server environment variables. The credentials used in production environments differ from those used in development environments.
Network Security