BoostUp’s cloud service is completely hosted in AWS, in data centers that reside within the United States. AWS data centers are highly secure, and are SOC1, SOC2 and SOC3 compliant. All our production and staging servers are hosted in their own Virtual Private Clouds (VPCs). We make extensive use of security groups to restrict access to these servers, enabling only the minimum level of access needed for operation.
Application and Data Security
BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.
All connections to BoostUp from external sources (web / mobile browsers) are encrypted using SSL/TLS. BoostUp uses industry-standard MongoDB for our data storage. Connections to MongoDB are only allowed from specific production servers, and are encrypted using SSL/TLS. Data is stored at rest on encrypted EBS volumes. The net result is that all customer data is always encrypted in transit as well as at rest. Customers have full control over what data is being stored on BoostUp’s servers. They can configure a data retention period after which the data is fully purged from our servers.
The BoostUp security team encourages responsible reporting of any vulnerabilities that may be found in our site or applications. BoostUp is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. Please refer to our Vulnerability Disclosure Policy for more details.
BoostUp.ai employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.
Access to sensitive records is protected, such that only authorized objects or data are accessible to each user. The BoostUp.ai application uses strong random anti-CSRF tokens and correctly enforces context-sensitive authorization so as to not allow unauthorized manipulation by means of parameter tampering.
All cryptographic modules fail securely, and errors are handled in a way that does not enable padding oracle attacks. All cryptographic algorithms used by BoostUp.ai have been validated against FIPS 140-2. TLS is used for all connections, including both external and backend connections.
All sensitive data is sent to the server in the HTTP message body or headers only. Proper certificate revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured. Only strong algorithms, ciphers, and protocols are used throughout the certificate hierarchy, including root and intermediary certificates. All data is stored at rest on EBS volumes in an encrypted form.
Malicious Input Handling
All SQL, HQL, OSQL and NoSQL queries, stored procedures, and calls to stored procedures are protected and not susceptible to SQL injection. The BoostUp.ai application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.
Choose SaaS or On-Premise Deployment
Our single-tenant hosted architecture affords maximum security with our entire application stack deployed inside your VPC. This architecture completely isolates your data and gives you fine-grained control over data retention and deletion. BoostUp’s SaaS application is hosted on highly secure AWS data centers that are SOC1, SOC2 and SOC3 compliant.
Email us at email@example.com to learn more