Security and Monitoring
Ensuro prioritizes the security of our users. Here's how we secure the Ensuro frontend application:
Secure Development Foundation: We adhere to a strict Secure Development Lifecycle Policy (SDL) under our Compliance Program with the Bermuda Monetary Authority to
Ensure all code dependencies used by the frontend are pinned to specific, well-tested versions. This minimizes vulnerabilities and supply-chain attacks.
Ensure all released code is reviewed and thoroughly tested.
Ensure that all deployments to productive environments are approved by senior management
Robust Infrastructure: The frontend application is built with ReactJS and deployed on Firebase Hosting. This leverages Google's secure infrastructure, including a global Content Delivery Network (CDN) for fast performance and advanced Distributed Denial-of-Service (DDoS) protection.
Passwordless Login: Ensuro utilizes Sign In With Ethereum (SIWE) for authentication. This approach leverages users' existing Ethereum accounts, eliminating the need to manage additional passwords and enhancing security.
Wallet Security: The frontend integrates with various wallets, including hardware wallets, using well-established and secure libraries, adding an extra layer of protection for your digital assets.
Continuous Monitoring: We constantly monitor the frontend's performance and availability. Alerts are triggered for any anomalies, such as outages or unexpected traffic surges. This allows us to swiftly address potential issues and ensure a smooth user experience.
Deployment Safeguards: Strict access controls are enforced on our code repositories and deployment platforms. Additionally, team-wide notifications are sent whenever new versions are deployed to the production environment, promoting transparency and accountability.
Last updated