AppMaster Security
AppMaster provides an incredibly efficient development environment, but we know this cannot come at the cost of your company's security. We guarantee our platform will always be secure and never slow down your project.
We keep all your data private and safe
AppMaster provides an incredibly efficient development environment, but we know this cannot come at the cost of your company's security. We guarantee our platform will always be secure and never slow down your project.
Comprehensive logging
We use the industry's leading log collection and management solutions. Logging in generated applications can be configured in great detail.
Application privacy
An app's data is protected at the application level. Pre-built modules simplify security-related tasks such as encrypting data at rest.
Point-in-time recovery
You have the ability to access point-in-time data recovery. If you deploy a feature that impacts your data, you can recover your data from a previous time.
User data
We utilize AWS rigorous data separation measures. We encrypt and separate user data, which limits all access and checks and enforces permissions for requests.
Secure Vault Storage
We use a special Secure Vault Storage to store and tightly control access to your secrets and keys to protect this data even at the higher levels.
Role-based access
Role-based access will only grant the right team members in your company access to make, change and deploy applications.
Comprehensive compliant environment
Our IDE lets you create projects that are safe and compliant. AppMaster is built with security-by-design and uses the world's leading enterprise-grade security technologies.
Amazon Web Services
AppMaster is running on Amazon Web Services, which complies with certifications such as SOC 2, CSA, ISO 27001, and more.
HTTPS encryption
Every connection made to AppMaster is end-to-end encrypted over HTTPS with TLS v1.3. We force HTTPS for all services and infrastructure.
Secure payments
With Stripe we don't store PCI-DSS information ourselves. Stripe is certified to PCI Service Provider Level 1, the most stringent level.
High availability and resilience
Our robust framework includes many features that help keep your data secure so you can focus on creating the best products possible.
Shared Responsibility Model
We operate, manage, and control the components from the platform down to the infrastructure. You secure the applications and integrations you develop via user-defined privacy rules.
Attack Surface Minimization
We use AWS RDS for databases, Route 53 for secure DNS zone management, VPC for service isolation, docker containers for service isolation within a single virtual server.
Access Control
Access to all systems is role-based, with the principles of deny-by-default and least-privilege. No access to the user data is possible without explicit consent from the data owner.
Failover and Backup
Our system includes automatic backups. If one server goes down, another will take over immediately. We can reconstruct all AppMaster data in a new location in a matter of days.
OWASP & Regulatory Compliance
OWASP is a non-profit organization that keeps track of the most important security vulnerabilities. AppMaster follows their recommendations, so you can rest assured we have your back. Besides, AppMaster is actively pursuing the American Institute of CPAs industry-standard cybersecurity program, SOC-2.
The best security management practices
We take maximum precautions, so your data remains safe. We've created clear processes to help our development teams build security into your product.
Change Management
We use Bitbucket and CI in our development process. CI runs automated tests and pushes changes to the staging instance, allowing for monitoring and quality assurance.
Vulnerability Management
We continually monitor our code to assess vulnerability and respond quickly when any vulnerability arises. All modules and dependent packages are updated on the regular basis.
Incident Management
We investigate and fix any security concerns that are reported. If we think you're affected, you'll get an update as soon as possible, much sooner than the legally mandated 72 hours.
Without code! Without using a lot of applications! Join AppMaster Platform and build powerful server, mobile and web apps for your team with one tool.