
What cybersecurity precautions do you have in place? Is the data secure?

Our customers can enable 2FA (two-factor authentication), and Blazestack is built on Amazon Web Services (AWS). AWS itself holds certifications and attestations such as SOC 2, CSA STAR, and ISO 27001. Data at rest is protected with the AES-256 storage encryption provided by AWS RDS.
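A practical way to confirm the encryption-at-rest claim for a deployment is to check the `StorageEncrypted` flag on every RDS instance. The script below is an added example, not Blazestack's own tooling; it audits the JSON shape returned by `aws rds describe-db-instances` (or boto3's `describe_db_instances()`), using a constructed sample response so it runs offline. The instance names and the KMS key ARN in the sample are made up.

```python
"""Audit RDS instances for encryption at rest.

Added example: checks the `StorageEncrypted` flag and KMS key on each DB
instance in a describe-db-instances response. The sample response below
is constructed for illustration; in live use pass the real API output.
"""
from typing import Any, Dict, List

# Constructed sample in the shape of `aws rds describe-db-instances`
# output (assumption: field names as documented by the RDS API).
SAMPLE_RESPONSE: Dict[str, Any] = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "app-prod",          # made-up name
            "Engine": "postgres",
            "StorageEncrypted": True,
            "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/"
                        "00000000-0000-0000-0000-000000000000",  # made-up ARN
        },
        {
            "DBInstanceIdentifier": "app-staging",       # made-up name
            "Engine": "postgres",
            "StorageEncrypted": False,
            # No KmsKeyId: unencrypted instances carry none.
        },
    ]
}


def audit_rds_encryption(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one finding per instance: whether storage is encrypted and
    which KMS key is used. An instance that reports StorageEncrypted=True
    but no KmsKeyId is flagged as inconsistent so it gets a second look."""
    findings: List[Dict[str, Any]] = []
    for db in response.get("DBInstances", []):
        encrypted = bool(db.get("StorageEncrypted", False))
        kms_key = db.get("KmsKeyId")
        findings.append({
            "instance": db["DBInstanceIdentifier"],
            "engine": db.get("Engine"),
            "encrypted": encrypted,
            "kms_key": kms_key,
            "inconsistent": encrypted and not kms_key,
        })
    return findings


def unencrypted_instances(response: Dict[str, Any]) -> List[str]:
    """Identifiers of instances whose storage is not encrypted at rest.
    Note: RDS storage encryption cannot be switched on after creation;
    remediation is to snapshot, copy the snapshot with encryption enabled,
    and restore a new instance from the encrypted copy."""
    return [f["instance"] for f in audit_rds_encryption(response)
            if not f["encrypted"]]


if __name__ == "__main__":
    # Live use (assumption: boto3 installed and AWS credentials configured):
    #   import boto3
    #   response = boto3.client("rds").describe_db_instances()
    response = SAMPLE_RESPONSE
    for finding in audit_rds_encryption(response):
        print(finding)
    print("unencrypted:", unencrypted_instances(response))
```

Run it against real API output in each account and region; an empty `unencrypted_instances` result is the evidence that the control is actually applied, rather than the stated intent to apply it.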

Blazestack's responsibilities include continued development of the application with a security-first mindset, timely patching of systems as required by AWS, continuous monitoring and vulnerability scanning, and regular penetration testing guided by the OWASP Top 10 and the CWE/SANS Top 25.

OWASP Top 10 2021
A01:2021-Broken Access Control
A02:2021-Cryptographic Failures
A03:2021-Injection
A04:2021-Insecure Design
A05:2021-Security Misconfiguration
A06:2021-Vulnerable and Outdated Components
A07:2021-Identification and Authentication Failures
A08:2021-Software and Data Integrity Failures
A09:2021-Security Logging and Monitoring Failures
A10:2021-Server-Side Request Forgery

CWE/SANS Top 25 (2022 list)
CWE-787 Out-of-bounds Write
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-20 Improper Input Validation
CWE-125 Out-of-bounds Read
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-416 Use After Free
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-476 NULL Pointer Dereference
CWE-502 Deserialization of Untrusted Data
CWE-190 Integer Overflow or Wraparound
CWE-287 Improper Authentication
CWE-798 Use of Hard-coded Credentials
CWE-862 Missing Authorization
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-306 Missing Authentication for Critical Function
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-276 Incorrect Default Permissions
CWE-918 Server-Side Request Forgery (SSRF)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400 Uncontrolled Resource Consumption
CWE-611 Improper Restriction of XML External Entity Reference
CWE-94 Improper Control of Generation of Code ('Code Injection')