At ScopeStack we take security serious

ScopeStack automates the IT services scoping and pricing process. The platform is scalable, reliable, and easy to use. We have taken the appropriate steps to ensure both data security and application integrity are upheld at all times.

User Authentication

Natively, ScopeStack employs password-based authentication. User-provided passwords are not stored directly but are combined with a “salt” and then encrypted via SHA-256 hashing. This is a one-way encryption technique.

Application Security

ScopeStack regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.

Furthermore, The ScopeStack application has been developed from the perspective of a Twelve Factor Application. Of particular interest to security, this means that sensitive configuration data such as passwords, connection strings, encryption keys, etc are not stored in application code, configuration files, or the like.

Infrastructure Security

ScopeStack uses Amazon Web Services to host our application. The ScopeStack databases are contained within a private subnet of a VPC. As such, they can only be accessed by the application and process servers through the private subnet IP addresses.

Files uploaded into ScopeStack or generated by ScopeStack are stored in Amazon Simple Cloud Storage (S3). The storage buckets are configured such that files are private by default. The application code is granted access to the files through AWS security protocols so that the application servers may act as a proxy to file requests but files may not otherwise be access directly from S3