Security and Privacy
As a cybersecurity education platform, we practice what we teach. Here is how we protect you and your data.
Security Headers
Enterprise-grade HTTP security headers protect against common web vulnerabilities.
- •Content Security Policy (CSP) restricts script and resource loading
- •HTTP Strict Transport Security (HSTS) enforces HTTPS connections
- •X-Frame-Options prevents clickjacking attacks
- •X-Content-Type-Options prevents MIME type sniffing
OWASP ASVS 14.4
CIS Control 16
CSRF Protection
Cross-Site Request Forgery protection validates all form submissions.
- •Origin and Referer header validation on all POST requests
- •Automatic logging of violation attempts
- •Protection for contact forms and newsletter signup
OWASP Top 10 A5
CIS Control 16
Rate Limiting
Multi-tier rate limiting prevents abuse and denial-of-service attacks.
- •Strict limits on form submissions (10 requests per minute)
- •Standard limits on API endpoints (30 requests per minute)
- •Automatic IP blocking after repeated violations
- •5-minute cooldown period for blocked IPs
CIS Control 9
NIST 800-53 SC-5
Security Monitoring
Real-time logging and pattern detection for security events.
- •Suspicious pattern detection (XSS, SQL injection, path traversal)
- •All security events logged with timestamps and IP addresses
- •Automatic alerting for high-risk activity
ISO 27001 A.12.4
CIS Control 8
Input Validation
Strict validation and sanitization of all user inputs.
- •Schema-based validation using Zod
- •DOMPurify sanitization for displayed content
- •Parameterized database queries prevent SQL injection
- •Request size limits (100KB JSON, 50KB forms)
OWASP ASVS 5.1
CIS Control 16
Privacy Protection
Your data is handled with care and transparency.
- •Analytics used only to improve your experience
- •Form submissions stored securely
- •Personal data never sold for money; you control ad and analytics cookies
- •Security tools run entirely in your browser
GDPR
Privacy by Design
Compliance Standards
OWASP ASVS
Application Security Verification Standard
Our security controls align with OWASP ASVS Level 1 requirements for input validation, output encoding, authentication, and session management.
CIS Controls
Center for Internet Security
We implement relevant CIS Critical Security Controls including secure configuration, data protection, and network monitoring.
ISO 27001
Information Security Management
Our logging and monitoring practices align with ISO 27001 Annex A requirements for security event logging and incident management.
NIST Cybersecurity Framework
National Institute of Standards and Technology
Our security architecture follows NIST CSF core functions: Identify, Protect, Detect, Respond, and Recover.
Report a Security Issue
If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform and users safe.
Contact us through our contact form with the subject line "Security Report" and we will respond within 48 hours.