How Mitto Keeps You Safe
Mitto Users Benefit from a Safer Online Experience
Security is a top priority at Mitto. That’s why we take a proactive, multi-layered approach to security. To learn about the security benefits we offer to our users, we invite you to take a tour of our security features.
- All passwords are encrypted with 1024-bit RSA or 256-bit AES
- The Mitto service is rigorously tested against XSS (cross-site scripting), XSRF (cross-site request forgery), SQL injection, and session fixation and hijacking
- All input is validated, and JavaScript inputs are validated twice (once in the browser before submission, and once again by the server)
- Strong access control is applied at all levels
- Database servers allow no external network connections
- No executable content is loaded based on externally-supplied parameters
- All user data is handled uniformly, in a manner that validates formatting and guards against buffer overruns
- Critical data is never written unencrypted to any sort of long-term storage, such as backup tapes and hard disks (including swap files)
- We take a minimalist approach to network services. Only services that are needed are enabled and allowed
- All network access must be authenticated, and no anonymous access is allowed
- All server operating system components and services are run in separate, secured environments. This way a potential breach of any one service or component is isolated.
- Source files are located on a read-only file system, so they cannot be overwritten by malicious code.
- A minimalist approach is applied to servers so that only software and services that are needed are installed and enabled.
- All services and servers are monitored and tested daily to ensure that they are properly configured and that all security patches are applied immediately
- Authentication and access logs are monitored to identify unauthorized access attempts
- Intrusion detection tools are used to identify external intrusion attempts
Technical Security Information
For those of you who want some additional technical details, we've included some of that information below.
Application Security
Network Level Security
Server Level Security
Monitoring