How Mitto Keeps You Safe

Mitto Users Benefit from a Safer Online Experience

Security is a top priority at Mitto. That’s why we take a proactive, multi-layered approach to security. To learn about the security benefits we offer to our users, we invite you to take a tour of our security features.

    • All passwords are encrypted with 1024 bit RSA or 256 bit AES algorithms
    • The Mitto service is rigorously tested against XSS (Cross-site Scripting), XSRF (Cross-site Request Forgery), SQL Injection, Session Fixation & Hijacking
    • All input is validated, and javascript inputs are validated twice (once before submit, and once by the server)
    • Strong access control is applied at all levels
    • Database servers allow no external network connections
    • No executable content is loaded based on externally-supplied parameters
    • All user data is handled uniformly in a manner to validate formatting and ensure against buffer-overruns
    • Critical data is never written unencrypted to any sort of long-term storage, such as backup tapes and hard disks (including swap files)
    • We take a minimalist approach to network services. Only services that are needed are enabled and allowed
    • All network access must be authenticated, and no anonymous access is allowed
    • All server operating system components and services are run in separate, secured environments. This way a potential breach of any one service or component is isolated.
    • Source files are located on a read-only file system, so they cannot be overwritten by malicious code.
    • A minimalist approach is applied to servers so that only software and services that are needed are installed and enabled.
    • All services and servers are monitored and tested daily to assure that they are properly configured and that all security patches are applied immediately
    • Authentication and access logs are monitored to identify unauthorized access attempts 
    • Intrusion detection tools are used to identify external intrusion attempts
  • Technical Security Information

    For those of you who want some additional technical details, we've included some of that information below.

    Application Security

    Network Level Security

    Server Level Security