At MockFlow we ensure, our infrastructure, development, data and application follow security compliance at all times
We use top of the line services for hosting and protecting our infrastructure. MFA, key rotation, VPN and other important factors are followed at the server level
All of MockFlow is hosted with Amazon Web Services - the leader in cloud infrastructure as a Service (IaaS) as per Gartner
MockFlow is protected with network firewall and application-level firewall along with intrusion detection and alerts.
Our servers are protected actively from DDOS attacks using Cloudflare. And also they are monitored every minute for any anomalies
We only use SOC2 and ISO 27001 certified services for hosting customer data. This ensures our cloud providers are trustworthy
We protect and safeguard all customer data with the following actions
We perform continuous backup of customer data and also store them securely in different locations
256-bit key is used for encrypting sensitive information like passwords
Files are stored at AWS S3 that provides geographically-dispersed Availability Zones, protected by 99.999999999% of durability
Only SSL/HTTPS is used for all data transmissions protected by AES-256 bit key encryption. Our latest SSL scan report from Qualys Inc (leader in compliance and auditing) gives MockFlow: A+ rating as shown above.
Security at the application level is important to prevent attacks like SQL injection, XSS from hackers. At MockFlow we have taken various steps to ensure our application is always secure against such attacks.
Function level security in MockFlow helps team admins to ensure their organization follows secure workflows within their teams when using MockFlow
MockFlow supports popular Single-Sign-On (SSO) identity providers out of box like OneLogin, Okta. Besides them we also support SAML for other providers
All projects created in MockFlow are by default private and can be shared with other users using the required permissions - Reviewer, Editor or Admin
Deleting projects in MockFlow asks for password token to safeguard user data. Also all important user actions are logged for audit purposes.
This is where it all starts. We always ensure all our organization members undergo security training and follow secure guidelines during coding, testing and deployment.
Peer based code reviews are conducted to detect any security faults in code
Application level security scanning is done with Qualys Inc. for detecting any security holes
We ensure not only our infrastructure but also the third-party libraries used are updated with latest security patches
Stage based testing - branch, integration and deployment level helps to catch bugs that might otherwise go undetected
Our development center is provided with adequate active and passive security arrangements such as CCTV, user activity monitoring, anti-virus etc...