We employ a full suite of secure software development activities and controls. We carefully segment each of these technology layers via network and access controls. Within the code itself, our development team leverages as many of the security functions that are made available by the Java framework. Our code is tested via static analysis and black box scanning prior to being deployed to our production environment.
In addition to our secure development methodology, APIDefender deploys a number of controls to protect the confidentiality and integrity of our customers and their data. Some of these controls include but are not limited to:
- Data at rest encrypted using AES 256
- User passwords stored in one way salted hash
- Centralized logging & alerting
- All-network traffic encrypted via SSL and SSH
- All application traffic over SSL/TLS
- Three-tiered architecture/ compartmentalized & firewalled