Security Overview

At Manage Assets Now, security isn't just a compliance checkbox—it's a passion ingrained in our DNA. From robust user security options to rigorous testing on our Manage Assets Now platform, it permeates our company culture. Just as each layer in the OSI model plays a crucial role, every facet at Manage Assets Now contributes to a security-first approach that defines our commitment

Embedded Security: Fortifying Our Software

Immerse your software experience in a shield of robust security. With 'Embedded Security: Fortifying Our Software,' we prioritize and integrate cutting-edge measures to safeguard your digital journey. Explore a secure realm where every line of code contributes to a resilient and protected software environment.

  • Two-Factor Authentication powered by Google Authenticator
  • Unidirectional secure password hashing employing bcrypt
  • Encryption of fields secured with AES-256 encryption via OpenSSL
  • Precise user-roles for granular access control
  • HTTPS-only cookie enforcement option
  • Cookie customization with HttpOnly and encryption features
  • Robust CSRF protection through form tokens

  • Prevention of SQL injection via prepared statements
  • Input validation and output sanitization to thwart XSS
  • Customizable password minimum requirements enforcement
  • Common password prevention option
  • Brute force prevention mechanism for login attempts
  • Middleware enforcement for nosniff and SAMEORIGIN X-Frame-Options
  • Middleware implementation for Content Security Policy (CSP) enforcement

Process Security: Safeguarding Every Step

  • Continuous Static Code Analysis on every commit using Codacy and Sensiolabs.
  • Automated blocking of dependencies with known security advisories.

  • Integration with Travis-CI for continuous validation.
  • Thorough and meticulous code reviews to ensure robustness and security.

Platform Security: Fortifying Your Digital Haven

  • All connections fortified with TLS 1.2 or higher encryption.
  • Implementation of best-practice security measures, including firewalls and brute-force prevention.
  • No multi-tenancy; each customer enjoys a dedicated database.
  • Encryption of databases and drives to ensure data integrity.
  • Hosting customers in region-specific data centers for enhanced accessibility.
  • Enforcement of a stringent data retention policy, retaining data for a duration of 3 months.

  • Regularly tested snapshots and individual data backups for data security.
  • Critical services inaccessible to external networks, ensuring a secure infrastructure.
  • Code execution within tightly restricted domain environments for added protection.
  • SSH access strictly through whitelisted IPs via secure VPN channels only.
  • IAM security profiles incorporating two-factor authentication for administrators.
  • Continuous and detailed system monitoring to promptly address any security concerns.

Company-wide Security: A Culture of Protection

  • Robust security policy firmly established and subject to quarterly review.
  • Continuous technical security training for engineering teams to stay ahead of evolving threats.
  • Comprehensive security awareness training for all employees to foster a culture of vigilance.
  • Implementation of technical and administrative controls enforcing least-privilege access.
  • IAM security profiles incorporating two-factor authentication for administrators.
  • Quarterly access-control reviews specifically tailored for Grokability administrators.