Back to Home

Security

Our commitment to keeping your data safe

Security Overview

At MockBoost, security is not an afterthought—it's built into every layer of our infrastructure. We employ industry-standard security practices and continuously monitor for threats to ensure your data remains protected.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). This ensures that:

  • Your API requests and responses are protected from interception
  • Session tokens cannot be stolen in transit
  • Man-in-the-middle attacks are prevented

Encryption at Rest

All data stored in our databases is encrypted at rest using AES-256 encryption:

  • Mock data and endpoint configurations
  • User credentials (hashed with bcrypt)
  • Workspace information
  • API logs and request history

Access Control

Authentication

  • Secure Password Hashing: Passwords are hashed using bcrypt with a cost factor of 12
  • Session Management: Secure, HTTP-only cookies with strict same-site policies
  • Token-based Auth: JWT tokens for API authentication with short expiration times

Authorization

  • Role-Based Access Control (RBAC): Users can be assigned roles (OWNER, ADMIN, MEMBER)
  • Workspace Isolation: Data is strictly isolated between workspaces
  • Least Privilege Principle: Users only have access to resources they need

Database Security

  • PostgreSQL: Enterprise-grade database with advanced security features
  • Connection Pooling: Secure connection management with Prisma
  • SQL Injection Prevention: Parameterized queries prevent SQL injection attacks
  • Regular Backups: Automated daily backups with point-in-time recovery
  • Network Isolation: Database servers are not publicly accessible

Application Security

Input Validation

All user inputs are validated and sanitized to prevent:

  • Cross-Site Scripting (XSS) attacks
  • SQL Injection attempts
  • Command Injection
  • Path Traversal attacks

Security Headers

Our application includes security headers to protect against common web vulnerabilities:

  • Content-Security-Policy
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Strict-Transport-Security

Rate Limiting

We implement rate limiting to protect against brute force attacks and DDoS attempts. API rate limits vary by plan (DEV/QA/PROD).

Monitoring & Incident Response

Continuous Monitoring

  • Automated monitoring of systems and infrastructure
  • Real-time alerting for suspicious activities
  • Comprehensive logging of all access and changes
  • 24/7 monitoring and regular security audits (planned as we scale)

Incident Response

In the event of a security incident:

  • Our security team is immediately notified
  • Affected systems are isolated to prevent further damage
  • We investigate the incident thoroughly
  • Affected users are notified within 72 hours
  • We implement measures to prevent recurrence

Infrastructure Security

  • Cloud Provider: Hosted on secure infrastructure; SOC 2 compliance planned as we scale
  • Network Security: Firewalls and network segmentation
  • DDoS Protection: Advanced DDoS mitigation measures
  • Regular Updates: Automated security patches and updates

Compliance

MockBoost is committed to meeting industry standards and regulations as we scale:

  • GDPR compliance for data protection
  • SOC 2 Type II compliance (planned)
  • Regular third-party security assessments (planned)

Responsible Disclosure

We appreciate the security research community's efforts to keep MockBoost secure. If you discover a security vulnerability, please:

  • Email us at contacto@mockboost.com with details
  • Allow us reasonable time to address the issue before public disclosure
  • Do not exploit the vulnerability or access user data

We commit to acknowledging your report within 48 hours and keeping you updated on our progress.

Best Practices for Users

While we implement robust security measures, we recommend users follow these best practices:

  • Use strong, unique passwords (12+ characters with mixed case, numbers, symbols)
  • Never share your credentials with others
  • Be cautious of phishing emails claiming to be from MockBoost
  • Regularly review workspace members and remove inactive users
  • Use workspace invitations carefully and only invite trusted team members
  • Report suspicious activity immediately

Contact Us

If you have security concerns or questions, please contact our security team at: contacto@mockboost.com

← Terms of Service← Privacy Policy