How secure is the vPenTest platform?
ANSWER Very secure.
Vonahi Security treats the security of the platform with extreme priority. We already know attackers are going to target our platform, and that's why we've taken as many precautions as possible to ensure your data is protected for the short time span that it's even stored.
While we do not publish detailed configurations of our security controls and processes, here are some of the following ways that we're protecting our platform, along with your data:
Auto purge policy
Your data is automatically purged after 60 days and you'll be notified prior to this data purge. You also have the ability to control this by having your data purged immediately after collecting your report.
Sensitive data storage
There is no need to store extremely sensitive data. The evidence in our reports provide enough proof that we had access to valuable data based on our narrative, access of accounts, and other methods that could only be proven with such access.
Web Application Firewall (WAF)
Like many companies, we have WAFs in place to help protect our platform from malicious attackers. Although these are configured relatively well, we treat this compensating control as a minor security implementation just because we know sophisticated attackers could potentially bypass these with enough time, patience, and search.
Zero tolerance
In many aspects of our company in general, we have a zero tolerance policy for even malicious attack attempts. For example, many companies will just simply filter out data when you're enumerating, etc. However, we know exactly the difference between malicious and normal behavior, and we take necessary measures as soon as we're aware of something even potentially malicious is happening.
Access controls
We also have implemented an unmeasurable amount of access controls within our company and platform, and every single action that occurs within our platform is logged for investigation purposes. We also perform periodic reviews to identify if any any access controls have been modified and if they still remain appropriate.
For more information on how we protect data, please refer to the AWS overview of cloud security and compliance.