Skip to main content
Application Security

Socrative follows industry best-practices to ensure our applications are built with security in mind.

Kenny Dickie avatar
Written by Kenny Dickie
Updated over a year ago

Socrative adheres to industry best practices for design and development. We always thoroughly test new features in order to rule out potential attacks in accordance with industry standards like the Open Web Application Security Project® (OWASP).

We constantly improve our security policies as the threat landscape changes. Our engineering team continuously monitors ongoing security, performance, and availability. We subscribe to all relevant security bulletins so that we can promptly address any security issues in the software we use.

Development Practices

All changes are verified by a suite of automated tests, as well as regular code reviews and testing by independent researchers.

  • Developers participate in regular security training to learn about common vulnerabilities and threats

  • We review our code for security vulnerabilities

  • We regularly update our dependencies and make sure none of them has known vulnerabilities

  • We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase

  • We use Dynamic Application Security Testing (DAST) to scan our applications

Security Monitoring

  • We use a security monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach.

  • We use technologies to monitor exceptions, logs and detect anomalies in our applications.

  • We collect and store logs to provide an audit trail of our applications activity.

Did this answer your question?