Trust is the foundation of any successful partnership, which is why Secure Code Warrior provides every customer with a reliable and secure platform for our products and services. We believe transparency is key to building trust. The Secure Code Warrior Trust Centre provides an overview of how we collect your data, protect your data, ensure compliance, and adhere to industry-standard best practices and all applicable laws and regulations.
Secure Code Warrior is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). For more information on how this may impact our customers, please refer here.
Secure Code Warrior is committed to safeguarding our information assets, and those of our customers, against misuse, abuse or compromise. Your data is important to us. Security and privacy standards are baked into our everyday processes throughout our organisation.
Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.
We host our services and data in AWS, leveraging AWS’ world-class data centers and their security benefits, certifications, and US and EU locations.
We utilize AWS’ well-architected framework to ensure the best possible security practices are implemented and followed.
We have threat detection enabled and actively respond to alerts and security incidents according to a predefined plan and process.
TLS 1.2 (or higher) is enforced for all communications to and from any endpoint, such as APIs or web servers. We leverage industry-standard AES-256 encryption for data at rest.
Our infrastructure and applications are continuously scanned for known vulnerabilities, which, when identified, are managed according to our vulnerability remediation process.
Our software engineers are trained to understand and prevent the most common and severe vulnerabilities impacting software.
We continuously scan 3rd-party libraries for known vulnerabilities and work to resolve them according to our vulnerability remediation process.
We regularly engage expert third parties to perform penetration tests in addition to our internal testing and scanning programs.
Changes to our products go through a series of security tests and assessments prior to being deployed, including SAST, DAST, and container vulnerability scanning.
Code is quality assured through peer review and a test-based approach in which our engineers include security test cases.
The Secure Code Warrior Learning Platform supports SSO, enabling organisations to extend their own authentication controls for staff accessing the Platform.
Data access within Secure Code Warrior is governed by role-based access control (RBAC), with a limited number of roles.
All access to production systems is strictly controlled with MFA being enforced. Access to production databases is further secured with ephemeral credentials.
Secure Code Warrior meets industry best practices and standards to achieve compliance with industry-accepted general security and privacy frameworks, inspiring confidence and trust and helping our customers meet their compliance standards.
If you are a security researcher or user of the Secure Code Warrior Learning Platform and have discovered a potential security vulnerability, we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.
Additional privacy and security documents are available upon request, but may require a mutual non-disclosure agreement to be completed. Please complete the form below and we'll be in contact with you to explore your request.