Security

How we protect your data

Platform Security

  • TLS 1.2+ encryption for all data in transit
  • Encrypted storage for sensitive fields (passwords hashed with bcrypt, keys encrypted at rest)
  • Role-based access control (RBAC) — Admin, Customer, Pentester roles
  • Audit logging for all key actions: logins, scan creation, configuration changes
  • Rate limiting on all API endpoints; tighter limits on authentication routes
  • HTTP security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options
  • JWT tokens with short expiry; HTTP-only cookies for session management

Vulnerability Disclosure

If you discover a security vulnerability in SecurityRIP, please report it responsibly to:

security@securityrip.com

We will acknowledge your report within 48 hours and keep you updated as we investigate and fix the issue. Please do not disclose publicly until we have had a reasonable opportunity to remediate.

Compliance Roadmap

  • TLS for data in transit
  • Encrypted storage for sensitive fields
  • RBAC and audit logging
  • SOC 2 Type II (planned)
  • ISO 27001 (planned)