Sendoso Security
Thousands of companies trust Sendoso with their data. The main goal of our dedicated InfoSec Team is keeping your data safe and secure. We leverage enterprise-class security features, third-party penetration tests, compliance audits, and infrastructure best practices to ensure our customers and their data are always protected.
Product Application Security
Sendoso software engineers take special measures to securely develop and test against security threats to ensure the safety of our customer data. Security testing is performed prior to any software release, along with internal and third-party application layer assessment of our applications on a continuous basis. We use the OWASP Testing Guide as the basis for our application layer vulnerability testing. This structured methodology ensures that our applications are free of the OWASP Top 10 most critical vulnerabilities, which include injection attacks, cross-site scripting, security misconfiguration, and sensitive data exposure. Sendoso uses a gray box testing methodology, which combines selective white box code review with interactive black box testing of the running application to maximize effectiveness.
Sendoso also employs third-party penetration test experts. It is seamless for customers to manage access and sharing policies with authentication and single sign-on (SSO) options via Okta, OneLogin, Auth0, and others. All communications with Sendoso servers are encrypted using industry-standard HTTPS. All data is encrypted at rest using the AES-256 standard.
Data Center and Network Security
Sendoso works with Amazon AWS, which provides our customers with extra network and server security. The facilities are top of the line and audited for compliance and industry best practices.
Sendoso conducts weekly scans of our offices and production networks to identify and remediate known vulnerabilities in our infrastructure and application platform.
Sendoso employs system monitoring for network-based and host-based Intrusion Detection (IDS) and has Intrusion Prevention (IPS) systems to detect anomalous and/or malicious traffic on our networks and systems. Our next-generation firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are permitted based on business need. Our infrastructure incorporates multiple DDoS mitigation techniques in addition to maintaining multiple backbone connections. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.
Carrier Security
Sendoso uses world-class carriers such as FedEx, UPS, and DHL to safely and securely deliver packages. We ensure the confidentiality and integrity of your data with industry best practices.
Certifications & Compliance
Sendoso implements security best practices to meet not just industry-based compliance, but the most stringent requirements. Sendoso is PCI-DSS compliant via our partner Stripe.com and its data centers are SOC 1, 2, and 3 compliant via our partner Amazon AWS. Our SSL certificates are 2048-bit RSA, signed with SHA-256. We successfully completed the SOC 2 certification.
Questions? Please email security@sendoso.com. Network infrastructure diagrams, security audits, and penetration testing reports are available upon request.