Security

We are committed to providing a secure service that our users trust.

General Security

A critical consideration when choosing a software platform for your business, particularly one accessible over the internet, is the privacy and security of your data.

Please be assured your data is safe with us - we take data privacy and security very seriously and Discovery was built from the ground up with security and reliability in mind.

We are continually improving this important area of our application and stay up to date with the practices and tools that reduce the considerable risks that phishing, malware/ransomware and other threats pose to your business's day-to-day operations.

Hosting Infrastructure

  • Our hosting infrastructure is provided by services spanning three providers: Linode, Amazon Web Services and Microsoft Azure. Each is a top-notch hosting platform-as-a-service in terms of security and redundancy.
  • We keep extensive logs of all system activity.
  • We have two-factor authentication enabled for all server, code hosting and continuous integration services.

Application Layer

  • We use a highly reputable, industry-leading server-side web framework, Laravel, which follows modern security best practices, especially for user authentication, session management, password hashing and encryption.
  • Password strength is validated against Dropbox's zxcvbn password strength estimator.
  • We check 3rd party code against known vulnerability databases.
  • Our policy based authorization system ensures that each congregation's data is segmented and contained within their own account.
  • All database queries are executed with parameter binding, preventing SQL injection attacks.
  • We use CSRF tokens to prevent cross site request forgery.
  • All user generated data is escaped on output, preventing XSS attacks.
  • We capture all application errors (server-side and client-side) and send them to a bug tracker for review.

Encryption & Security

  • Our website and app are only available over an encrypted (SSL/TLS) connection (HTTPS).
  • Passwords are stored only as one-way hashes produced by the bcrypt hashing function.
  • All cookies used by Discovery are encrypted.
  • We re-authenticate the session on every request, verifying that the password hash recorded for the session matches the authenticated user's current password hash.
  • Users can view their other browser sessions and revoke any of them.

Testing & Code Management

  • We have a fully automated test suite that validates the expected system behavior whenever a change is made to the codebase.
  • We use an automated vulnerability scanner to continually monitor our app for possible security issues.
  • Our code is managed using git and we employ internal processes to control what code can be pushed to our production environment.

Data Retention

  • Our PostgreSQL database has rolling daily backups, and is encrypted at rest.
  • User generated content, such as invoices, files and photos, is stored on Amazon S3 with versioning enabled.
  • Clients can optionally download their data and save it offline.

Team Member Training

  • Each Discovery team member takes part in cyber security training, with regular reinforcement, to reduce the risk of ransomware, phishing or other malware threats disrupting our internal infrastructure.