Security

Our flagship products & years of expertise, best showcased proudly by securing our own platform & services.

Traboda, being a CyberSecurity Company, has security and privacy of your data at the heart of our values. Security is our top priority, and we have built Traboda from scratch taking this very seriously.

As we ourselves train and offer cyber security services to companies, institutions and students, we have adopted the highest standards and best practices for the security of our platform and services, and we constantly innovate to improve it.

Organizational Security

Security Awareness

Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance using the Traboda Platform.

We educate our developers continually on secure coding practices using the Traboda Platform, and evaluate their understanding through quizzes and internal CTFs to determine which topics they need further training in. Using the Traboda Platform and our panel of cyber-security experts, we provide training on the specific aspects of security that they may require based on their roles.

We frequently host internal events such as Cyber Bootcamps and CTFs to raise awareness and drive innovation in security and privacy.

Security & Pentesting Team

We have a highly skilled and diverse security and penetration testing team, comprising senior members from team bi0s. Team bi0s is our sister community club, which has consistently been ranked as India's No. 1 CTF team for several years.

They engineer and maintain our defense system, develop review processes for security, and constantly monitor our infrastructure and networks to detect suspicious activities. Team bi0s, which has members specializing in almost all cyber-security fields, provides our engineering teams with domain-specific guidance and consultation whenever required.

DevOps Access

Only selected Traboda DevOps engineers have access to these machines, via secure key-based SSH login. Your private data will not be accessed by our team except as absolutely needed to resolve issues. In cases where our team accesses your private data, we shall ensure proper security and erasure of your data from their system after use, in accordance with our Privacy Policy.

Physical Security

At Data Centers

Traboda uses Amazon Web Services (AWS) and Google Cloud Platform (GCP) to host all of our applications and databases.

Amazon AWS

Amazon Web Services (AWS) maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security (https://aws.amazon.com/compliance/programs/). They have many years of experience in designing, constructing, and operating large-scale data centers.

AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here: https://aws.amazon.com/compliance/data-center/data-centers/

Infrastructure Security

Traboda's infrastructure is hosted in a fully redundant, secured environment, with access restricted to our in-house DevOps staff only. We leverage complete data and access segregation, firewall protection and other security features. We continuously back up everything to ensure your valuable data stays safe.

Network Security

We have designed our network security and monitoring techniques to provide multiple layers of protection and defense.

We use technologies provided by Cloudflare to protect our network from unauthorized access and undesirable traffic, including DDoS attacks on our servers. Our firewall is managed by Cloudflare, which leverages its global network and reach to provide unique intelligence that enables it to identify and prevent disruptions caused by bad traffic, while allowing good traffic through. On top of this, our APIs and application also have rate limiting to prevent abuse of these systems. These measures keep our platform highly available and performant.

Our services are segmented into separate networks to protect sensitive data. Systems supporting testing and development environments are hosted in a separate network from those supporting our production infrastructure.

Server Security

All servers provisioned are hardened (by disabling unused ports and accounts, removing default passwords, etc.). We use the latest stable versions of system software and libraries, and update system software whenever stable updates are available.

Application Security

Secure Transport & Storage

All Traboda web application communications are encrypted over 256-bit SSL, so they cannot be viewed by a third party; this is the same level of encryption used by banks and financial institutions. All Traboda data, including our databases and multimedia storage, is encrypted at rest using AES-256 encryption.

Secure Authentication

We use JWT refresh-token-based secure authentication using server-side cookies, and rotate them every few minutes. We have a strong password policy and do not allow setting weak or breached passwords. We store passwords after hashing them using the PBKDF2 algorithm with a SHA256 hash, which is a NIST-recommended password stretching mechanism requiring massive amounts of computing time to break.

For our enterprise and B2B customers, we optionally support multi-factor authentication through TOTP, and integration with SSO/SAML/LDAP.

Secure Coding

Our developers write code with a security-first approach, and are trained and frequently updated on secure-coding practices. Our developers learn, refer to and follow cybersecurity guidelines such as OWASP WSTG, MITRE ATT&CK etc., using the Traboda platform, and minimize the attack surface as far as possible.

We run automated security testing, such as SAST, on every commit to production, and also conduct a security review for major releases. We do pentesting internally and patch vulnerabilities as soon as possible when they are discovered.

Security Monitoring & Incident Response

We have automated security monitoring systems, DDoS protection, firewalls and logging systems to detect and prevent most of the common attacks. In the unfortunate event of an incident, we always have someone on call to address any issues or outages as fast as possible, including an incident response team.

Reporting Vulnerabilities

Traboda was built keeping security at the top of our priorities, and we take it very seriously. Even so, we believe that all technology contains undiscovered vulnerabilities and that the public community plays a crucial role in identifying these. We encourage security professionals, amateurs, our own hacker community and students, to practice responsible disclosure and let us know right away if a vulnerability is discovered.

If you have discovered a security bug in our service, we'll gladly work with you to patch the issue and ensure you are fairly rewarded for your disclosure. Please email our security team at [email protected].
