3rd Party Penetration Testing
Wiredrive uses a top-tier web security company to complete manual penetration testing of the entire Wiredrive application. The same company also tests when new features are released that could potentially cause security related regressions. They also run continuously automated tests of the entire application. Quarterly reports are available to customers upon request. In addition, several Wiredrive clients have run their own 3rd party tests as part of their evaluation process.
Static Code Scans
As part of the SDLC (Software Development Life Cycle), Wiredrive runs a static code scan daily via WhiteHat Security. This helps identify potential vulnerabilities long before any code is pushed to the production environment.
Hosting and Cloud Providers
The entire core Wiredrive application is run in our co-located SSAE 16 Type II compliant data centers. This includes the web application, API, and asset storage. Wiredrive does not use any cloud providers for the core application.
Password Encryption
All passwords are encrypted and stored in the database using modern cryptography according to OWASP best practices.
Reliance On 3rd Party Services
Wiredrive operates and owns all of our own server hardware in our co-location facilities. Cloud servers are used for selected parts of our service. This is limited to our mail relay provided by Mandrill. Billing, support, monitoring, and content delivery are also handled by third party vendors.
Server Location
The main Wiredrive datacenter is located in a Teleco grade facility in Los Angeles operated by Equinix. The DR facility is at a different Teleco grade facility also operated by Equinix. Both locations are SSAE 16 Type II compliant. Wiredrive uses multiple tier-1 ISPs and has a direct private link between the data centers.
Supported SSL Encryption Level
Top priority is given to modern encryption implementations of AES 256 and 128-bit ciphers. Fallback is provided for situations where a browser supporting the latest features is unavailable. We have full coverage for Forward Secrecy on browsers which support it.
Comments
0 comments
Please sign in to leave a comment.