Application Security. ● The Hubilo development team is trained on OWASP Secure Coding Practices and uses industry best practices for building secure applications. · The Hubilo security team conducts Whitebox testing on each code release and they also do Blackbox testing on third-party software to mitigate risk. Apart from this Hubilo also performs code scanning using Sonarqube in QA environment. Hubilo Security team uses Burp Suite Professional software to test for all vulnerabilities from time to time as per Hubilo policies and procedures. ● Hubilo code is stored in a code repository system hosted by our cloud data centre provider. Hubilo adopts a strict, least access privileges principle for access to the code. Commits to production code are strictly reviewed, and approval is restricted to just CTO/Sr. VP of Engineering / Lead-DevOps, (after passing Unit Testing and QA in Test and Staging). ● The data stored on production servers is accessible only to the CTO/Sr. VP of Engineering/ Lead-DevOps of the org. No other workforce member of Hubilo has access to customer data unless access permission is granted by the CTO/Sr. VP of Engineering to resolve any technical issue or for debugging. ● The Hubilo production environment is logically segregated from the staging and development environment with concepts of virtual private cloud and subnets. There is an hourly backup of the database data at secured cloud storage of cloud service provider (AWS). ● Connection to the Hubilo web-app via HTTPS by using the latest version of Transport Layer Socket (TLS) like TLS 1.2+ and above.
Appears in 5 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement