Security + Compliance Features
Please see the list of security features below, sorted by our most common app types.
Disregard any features or considerations that would not apply to the technology your app requires.
If your app type or required security features are not on this list, please contact us at solutions@active3D.com or via phone at 816.547.3411.
Any additional security requirements beyond the defaults provided may require adjustments of scope.
A : Online/Cloud/Server Based Applications
i.e., Websites, Microsites, Web Apps, Web-Based Experiences
- Online applications pass an OWASP coding assessment (OWASP Application Security Verification Standard 4.0)
- Applications encrypt passwords with AES-256 encryption
- By default, applications do not collect any sensitive/non-sensitive PII data
- When PII data collection is required, it is held in a secure server environment
- Directories cannot be accessed by users or public visitors
- Applications are hosted on Bare Metal/dedicated LAMP stack servers (Non-Cloud based)
- Applications are backed up via AWS Glacier storage monthly and held for 3 months
- Applications are hosted on secure HTTPS URLs
B : Standalone Application Security
i.e., Android/iPhone/Windows Apps, Desktop/Laptop Programs, Installable EXE or MSI Apps
- Apps are designed to run without needing administrator access.
- When possible, apps will save visitor data locally in a secure internal database before attempting to sync the data online. Data can only be synced when an appropriate, stable online connection is available.
- PII data synced in this manner is never made publicly available.
- App/Server communication is one way and submitted by secure encrypted posts. Only the App can start communication. No remote backdoors are created inside of the Apps.
C : Remote Software Support Security Features
i.e., Remote Desktop Control Apps for Field Support
- Remote software is installed on machines but is left in an unauthenticated state.
- To enable remote support, a person near the machine requiring support may need to sign in to the remote software.