Safety & Security at Shieldfy

We take security very seriously at Shieldfy, So we go an extra mile to make sure our service is secure, reliable and worth your trust.

Physical security

Shieldfy is hosted in secure-by-design Amazon Web Services facilities that continually manage risk and undergo recurring assessments to ensure compliance with industry standards. This includes independent policies for physical access, monitoring & logging, surveillance & detection, device management, operational support systems, infrastructure maintenance, and governance & risk. For more information on the AWS physical security processes, click here

System security

Shieldfy infrastructure is distributed over different technologies. in system installation we are using a hardened, patched OS with dedicated firewall and VPN services that help block unauthorized access. And we are following industry security standard to manage and deploy our services including container and microservices security as well as lambda security standards.

Data exchange

All private data to and from Shieldfy is transmitted over SSL. All communication with the repository is done over SSH authenticated with keys, or via HTTPS using your Shieldfy access token.

Source code storage and Privacy

We don't store your source code anywhere, When we analyze your source code it will only be downloaded on a virtual container and deleted with the container instantely after the analysis completed. The only data will be store is the result of the analysis which contain information about the vulnerabilities you have and its fully incrypted in the database.

Passwords and Credentials

Passwords in Shieldfy are salted and hashed by one-direction encryption scripts. We do not store user passwords. Access tokens used in communications with the repository are salted and encrypted with two-direction encryption scripts and kept in this form in the database.

Payments & Credit cards

If you decide to upgrade your account, we’ll ask you for the details of your credit card. We do not store this information on our servers: we are using level-1 PCI Compliance Stripe Inc.

Employees restrictions policy

Our employees never access private vulnerabilities info unless required for support reasons and approved with your consent. Most employees has no access to the shieldfy production environment. The people who do have access to the production, don't access your code or your repositories or read your vulnerabilities info. On rare occasions, at your explicit request, we may need to pull a clone of your code; however, this will only be done upon your approval.
All Shieldfy employees is trained towards security compliance and subject to privacy agreements. New employees follow a structured onboarding process to get familiar with tools, processes, systems, policies, and procedures.

Vulnerabilities and Responsible Disclosure

As we said , we take security very seriously, and we tied to publish and notify our customers immediately on any security incident happens and how it affect their accounts and privacy.
In case you’ve found a security vulnerability, please see our Responsible Disclosure Policy

Have a question?

Not sure exactly what we’re looking for or just want clarification? We’d be happy to chat with you and clear things up for you. Anytime!

Email us