HackEDU employs a wide range of security controls in order to mitigate the risk of vulnerabilities and protect user data. HackEDU is a SaaS platform that is accessed through a web browser so no software is required to be installed on the users system. Although we will not give full details of all of our security measures in place below are some high level details.
Users log in using either username/password or single sign on (SSO) using SAML authentication.
Content Delivery Network (CDN)
HackEDU uses a content delivery network to help with Denial-of-Service (DoS) attacks. This helps ensure that our services and data are highly available.
HackEDU takes data security and privacy seriously. We go above and beyond data privacy laws (including GDPR and CCPA) ensuring that only the strongest cryptographic algorithms are selected for both data in transit and data at rest. In addition, HackEDU uses a strong data minimization policy and does not collect any personally identifiable information from users beyond email address.
3rd Party Vulnerability Assessments
In addition to conducting vulnerability assessments, HackEDU also has independent third-parties conduct vulnerability assessments as well. This helps remove HackEDU’s bias and provides assurances that HackEDU is taking the necessary and expected steps to mitigate all security risks.
Continuous Security Monitoring
HackEDU employs AWS Security Hub with monitoring all of HackEDU’s assets 24/7. The alerts and results are triaged by personnel based on the criticality of the alert.
Servers log all activities that happen and these activities provide information about if/when a security incident has occurred. HackEDU’s log analysis pulls all of the logs from all of our products’ servers. All of these logs are combed for information about security incidents.
HackEDU uses a secure Software Development Lifecycle process based on best practices and frameworks. HackEDU requires all developers to take HackEDU’s Secure Development Training.