Security @ Hamiware

Security is at the core of everything we do. We aim to meet industry standards and customer expectations for security controls, enabling them to confidently focus on their business.

Security

Platform Security

Infrastructure

Physical Access

All services are hosted in the cloud. Hamiware doesn't operate its own routers, load balancers, DNS servers, or physical servers.

Daily Security Scanning

Our infrastructure undergoes regular security scanning to identify and mitigate vulnerabilities using industry-standard tools.

Access Management

Access to our production environment is strictly controlled. All access is logged and regularly reviewed. We adhere to the principle of least privilege.

Application Security

Code Reviews

Each code contribution is reviewed by a Senior+ Engineer with extensive security training prior to deployment to production systems.

Continuous Testing and Integration

A comprehensive suite of automated testing is executed for every code alteration. This includes unit, functional, and integration tests.

Software Dependencies

Hamiware regularly updates software dependencies and employs automated tools for identifying common security concerns including Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection.

Development and Staging Environments

These environments are isolated from Hamiware's production environment. No client data is ever utilized in development or quality assurance environments.

User Authentication

Protection against brute force attacks is enabled through rate limiting technology. All sensitive information such as passwords and API tokens are redacted from logs and error trackers. User passwords are cryptographically hashed and salted prior to being securely stored securely by a third party industry-leading authentication provider.

Penetration Assessment

Hamiware conducts regular penetration testing audits in collaboration with a contracted third party.

Incident Management

Hamiware ensures swift detection, containment, and resolution of security incidents. Affected customers are notified promptly, and, where required, we comply with all relevant regulatory obligations. Post-incident reviews help reinforce future security measures.

Data in Transit & At Rest

All data exchanged with Hamiware is encrypted using robust TLS and encrypted while at rest. Hamiware is protected by HTTP Strict Transport Security and is pre-loaded in major browsers. Additionally, data interactions between Hamiware's services and backend databases are encrypted using TLS.