Chiro Cat employs the latest security measures to ensure that your data remains safe. Here are just a few of the measures we take:
- Database encryption at rest – all data is stored encrypted within the database.
- SSL certification – all incoming and outgoing traffic is sent over an encrypted HTTPS connection.
- Mandatory two-factor authentication – all logins require a text-message code verification. This dramatically reduces the chances of someone else gaining access to your account.
- Invisible reCAPTCHA – all public forms are protected with Google’s reCAPTCHA service, which prevents brute-force attempts to access your data.
- Encryption as a standard practice – all interactions with the application are encrypted with the latest AES-256 encryption algorithm.
- SQL injection prevention – all queries use prepared statements, which escape any user input that may come in through your forms.
- Cross-Site Request Forgery (CSRF) protection – all forms use a special single-use token which makes sure that the request is coming from our application and not from somewhere else.
- Password hashing – all passwords are hashed (not encrypted), which means that they cannot be decrypted. Once a password has been set, there is no way to see what the password is. We can still, of course, reset a forgotten password.
- Protection against XSS (Cross-Site Scripting) – all input is escaped by default, which means that any scripting or HTML tags found within user-submitted fields will not be executed.
- Activity monitoring for malicious intent – Chiro Cat logs everything! We actively monitor our logs for signs of bots probing our servers or hackers trying to get into our system, and we block them immediately!
In addition to all the security features that Chiro Cat employs, we use independent third-party security scanning services to constantly monitor our servers for any potential security threats.
Security Headers Scan
Security Headers is an independent security scanning service, sponsored by Netsparker, which analyzes websites for potential security threats. Chiro Cat maintains an A+ rating! You can even check out our live results by clicking here: https://securityheaders.com/?q=chirocat.com&followRedirects=on
Mozilla Observatory Security Scan
The Mozilla Observatory Security Scan is an independent security scanning service which analyzes a website for potential security threats. Chiro Cat maintains an A+ rating! In fact, according to this report, there is only one thing that we could do to improve our security headers, and that’s to implement Subresource Integrity (SRI). But we made a deliberate decision to incorporate Google’s reCAPTCHA service, among other security features, which do not work with subresource integrity checks. We feel that the added benefit of including our custom security far outweighs any potential benefit from subresource integrity checks. Plus, all our external scripts are loaded over HTTPS. You can visit our live security results by clicking here: https://observatory.mozilla.org/analyze/chirocat.com
Qualys SSL Labs Security Scan
SSL Labs is a collection of documents, tools, and thoughts related to SSL. It’s an attempt to better understand how SSL is deployed, and an attempt to make it better. Chiro Cat maintains an A+ rating with Qualys SSL Labs Security Scan. You can check out our live security results by clicking here: https://www.ssllabs.com/ssltest/analyze.html?d=chirocat.com