Socrative adheres to industry best practices for design and development. We always thoroughly test new features in order to rule out potential attacks in accordance with industry standards like the Open Web Application Security Project® (OWASP).
We constantly improve our security policies as the threat landscape changes. Our engineering team continuously monitors ongoing security, performance, and availability. We subscribe to all relevant security bulletins so that we can promptly address any security issues in the software we use.
Development Practices
All changes are verified by a suite of automated tests, as well as regular code reviews and testing by independent researchers.
Developers participate in regular security training to learn about common vulnerabilities and threats
We review our code for security vulnerabilities
We regularly update our dependencies and make sure none of them has known vulnerabilities
We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase
We use Dynamic Application Security Testing (DAST) to scan our applications
Security Monitoring
We use a security monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach.
We use technologies to monitor exceptions, logs and detect anomalies in our applications.
We collect and store logs to provide an audit trail of our applications activity.