Stringbucket takes advantage of Amazon Web Services (AWS) for our computing infrastructure. AWS has ISO 27001 certification and has completed multiple SSAE 16 audits. For more details on AWS security, please refer to http://aws.amazon.com/security/
The production environment is hosted in ISO 27001 and SSAE 16 certified secure data centers.
The data centers are equipped with digital recorders and CCTV systems and are manned by security guards on a 24x7 basis.
Stringbucket employees do not have physical access to any of our production facilities, as our whole infrastructure is in the cloud. Biometric scanning and a secret PIN code are used to access the development area. Security cameras monitor the whole development area.
Dedicated VPN services and a firewall are used to block unauthorized system access. Systems are installed on a hardened, patched OS. An Intrusion Prevention System is used to defend system services.
Internal processes in our data centers comply with the Multi-Tier Cloud Security Standard (MTCS SS 584) Level-3 (CSP) certification requirements. Our software is regularly audited by security specialists. System access is granted and tracked for auditing purposes. Change-management procedures are fully documented. Secure document-destruction policies are used for all sensitive information.
Stringbucket employs a team of 24/7/365 server specialists to keep our software and its dependencies up to date, removing potential security vulnerabilities. We use a wide range of intrusion prevention and monitoring solutions to prevent and eliminate attacks on the site. Code written by Stringbucket developers is based on OWASP best practices and recommendations.
All private data exchanged with Stringbucket is always transmitted over HTTPS (web interface and command-line client) using your Stringbucket username and password. The login credentials cannot be used to access a shell or the filesystem. All users are virtual (meaning they have no user account on our machines) and are access controlled.
File System and Backups
At the system layer, the servers are deployed with redundant network cards, redundant power supplies, and redundant disk storage. The secure data centers have generator backup systems and UPS for power, and various entry points for key utilities and communication facilities. Regular backups are made and stored off-site in a different AWS data center.
No Stringbucket employee ever accesses private projects unless required to for support purposes, in accordance with the system's role-based model. Stringbucket employees do not have physical access to any of our production facilities, as our whole infrastructure is in the cloud.
The support staff may log in to your account in order to resolve support inquiries. The support staff does not have direct access to customer data. When solving a support issue, the support team only has access to the files and settings needed.
We protect your login from brute force attacks with rate limiting. We always send login information over SSL. All passwords are filtered from all our logs and are one-way encrypted in the database using reliable encryption algorithms.
We have security staff to help identify and prevent new attack vectors. We always test new features to rule out potential attacks such as XSS and SQL injection, protecting wikis and ensuring that Pages cannot access cookies.
We also perform regular security tests and ongoing audits of Stringbucket and its code. Security testing is part of Stringbucket code quality assurance.
Credit Card Safety
When you sign up for a Stringbucket paid account, we do not store any of your billing information on our servers. It is handed off to PayPro Global, Stringbucket's payment processing gateway. PayPro Global is compliant with the PCI Security Standard and audited daily for required security.
If you have any questions, concerns or comments about Stringbucket security or would like to submit a vulnerability report, please contact us at firstname.lastname@example.org.