Security Policy
This document outlines the security policy
-
Introduction This security policy outlines the essential security measures and practices for Hash Cube PTE LTD ("Rampable"). to safeguard our web-based payouts dashboard and API, ensuring the confidentiality, integrity, and availability of user and company data.
-
Application Security 2.1. Code Review and Testing
We conduct thorough code reviews to identify and remediate any security-related issues. This process ensures that no security vulnerabilities go unnoticed before the application is deployed. Our development team follows secure coding guidelines and best practices throughout the software development life cycle. These practices help identify and address vulnerabilities at an early stage of application development.
2.2. Secure APIs
Access to our application’s APIs is restricted and controlled to prevent unauthorized access. Only authorized entities, such as the account owner, are allowed to interact with the APIs. Our APIs use strong authentication mechanisms and role-based access control to ensure that only users with the appropriate permissions can perform actions within the application.
- Incident Response
3.1. Incident Reporting Rampable deploys prompt incident reporting. It involves preparing for, detecting, responding to, and recovering from security incidents to minimize their impact and protect your digital assets. Here's an expanded section on incident response:
We have established procedures for reporting security incidents. Users can report incidents through dedicated channels, such as email, online forms, or our customer support. Upon receiving an incident report, our response team takes immediate action to assess the situation, contain the incident, and initiate an investigation.
3.2. Incident Mitigation Containment: Once the incident is understood, containment measures are initiated to prevent further damage and stop the attacker's access to your digital assets. Recovery: Parallel to containment, recovery procedures are executed to restore affected systems and services to normal operations.
- Secure Third-Party Integration Third-party integrations can offer valuable features and functionalities to our solution, but they also introduce potential security risks. Rampable takes a diligent approach to secure third-party integration to ensure that the integration of external services and applications is done safely.
4.1. Vendor Security Assessment Before integrating any third-party service, we perform a thorough risk assessment. This includes evaluating the security posture of the vendor, their reputation, and their track record for data protection and compliance with relevant regulations. We ensure that any third-party integration adheres to our predefined security standards. This means that the integration must meet specific security requirements and guidelines to minimize vulnerabilities.
- User Education and Training Rampable understands that providing user education and training is pivotal to ensuring that our users can confidently manage Rampable’s technology. We're committed to empowering users with the knowledge and skills they need.
5.1. Security Awareness We provide a wealth of educational resources, including articles, guides, videos, and tutorials, to help users understand the security features and best practices of our technology. Users are educated about the various threats and risks that exist in the cryptocurrency space, including phishing attacks, malware, and social engineering, so they can recognize and respond to potential dangers.
- Continuous Improvement Rampable recognizes that the landscape of cryptocurrency and cybersecurity is constantly evolving. As such, we are committed to a culture of continuous improvement to ensure the security our technology remains at the forefront of industry standards
6.1. Security Updates We stay vigilant and monitor security vulnerabilities and threats. When security updates or patches are released by our development team or third-party software providers, we respond promptly to address known vulnerabilities. We encourage users to regularly update their software and related applications. These updates often include security enhancements that protect against evolving threats.
6.2. Security Testing We conduct regular vulnerability assessments and penetration testing to identify and address potential weaknesses within our system. This proactive approach allows us to remediate vulnerabilities before they can be exploited. Our development team continually reviews and audits the code to identify and mitigate potential security issues.