At Crosscode we take your security very seriously.
Transmission and Storage Security
The metadata sent to the Crosscode Cloud Server is transmitted over a two-way TLS connection with certificate pinning. This ensures that it cannot be accessed or intercepted during transmission to the secure Amazon Web Services (AWS) cloud server.
It is important to know that your application code and business data are not transmitted to the Crosscode Cloud Servers. They remain secure in your server. Crosscode extracts only information about the structure of your code and databases.
In addition to encryption, our host (AWS) provides the highest level of physical security, with round-the-clock guards, multiple non-descript locations, backups, and compliance with all the standards such as SOC 2, ISO 27001, and PCI DSS Level I.
CPT has been designed from the ground up with security in mind. Our platform uses state-of-the-art AES 256 encryption for all data at rest, with keys stored in a Hardware Security Module. It ensures that each customer’s data is physically separate from data belonging to other customers. CPT can deploy an exclusive AWS account for the more security-conscious customer. Two-factor authentication is mandatory. Our corporate security program requires strict role-based access control to customer data.
Every operation is logged. The system is designed to prevent OWASP top 10.