Need to report a security vulnerability?
Please email us directly at Auklet Security. We can’t express our appreciation enough for letting us know about these issues.
We employ a team of 24/7/365 server specialists at Auklet to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.
All data exchanged with Auklet is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance).
All metric and event data is encrypted at rest and backed up daily, with advanced logging that enables restoration to any point in time up to the last 5 minutes. Data is mirrored across at least two different regions of the US, ensuring your data is always highly available. In the event of a disaster, automatic database hot swapping takes place within minutes.
We never store passwords as clear text: they are always hashed (and salted) securely using bcrypt. Both data at rest and data in motion are encrypted; all network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, is encrypted and authenticated using AES_128_GCM, and uses ECDHE_RSA as the key exchange mechanism.
Your code never touches our servers.
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are stored in the database only as one-way bcrypt hashes. Login information is always sent over SSL.
We also allow you to use two-factor authentication, or 2FA, through GitHub login as an additional security measure when accessing your Auklet account. Enabling 2FA adds security to your account by requiring both your password and a security code on your phone to access your account.
We have a full-time security staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks.
When you sign up for a paid account on Auklet, we do not store any of your card information on our servers. It is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-compliant servers.