Skip to main content

    Security and Privacy

    As a cybersecurity education platform, we practice what we teach. Here is how we protect you and your data.

    Security Headers
    Enterprise-grade HTTP security headers protect against common web vulnerabilities.
    • Content Security Policy (CSP) restricts script and resource loading
    • HTTP Strict Transport Security (HSTS) enforces HTTPS connections
    • X-Frame-Options prevents clickjacking attacks
    • X-Content-Type-Options prevents MIME type sniffing
    OWASP ASVS 14.4
    CIS Control 16
    CSRF Protection
    Cross-Site Request Forgery protection validates all form submissions.
    • Origin and Referer header validation on all POST requests
    • Automatic logging of violation attempts
    • Protection for contact forms and newsletter signup
    OWASP Top 10 A5
    CIS Control 16
    Rate Limiting
    Multi-tier rate limiting prevents abuse and denial-of-service attacks.
    • Strict limits on form submissions (10 requests per minute)
    • Standard limits on API endpoints (30 requests per minute)
    • Automatic IP blocking after repeated violations
    • 5-minute cooldown period for blocked IPs
    CIS Control 9
    NIST 800-53 SC-5
    Security Monitoring
    Real-time logging and pattern detection for security events.
    • Suspicious pattern detection (XSS, SQL injection, path traversal)
    • All security events logged with timestamps and IP addresses
    • Automatic alerting for high-risk activity
    ISO 27001 A.12.4
    CIS Control 8
    Input Validation
    Strict validation and sanitization of all user inputs.
    • Schema-based validation using Zod
    • DOMPurify sanitization for displayed content
    • Parameterized database queries prevent SQL injection
    • Request size limits (100KB JSON, 50KB forms)
    OWASP ASVS 5.1
    CIS Control 16
    Privacy Protection
    Your data is handled with care and transparency.
    • Analytics used only to improve your experience
    • Form submissions stored securely
    • Personal data never sold for money; you control ad and analytics cookies
    • Security tools run entirely in your browser
    GDPR
    Privacy by Design

    Compliance Standards

    OWASP ASVS
    Application Security Verification Standard
    Our security controls align with OWASP ASVS Level 1 requirements for input validation, output encoding, authentication, and session management.
    CIS Controls
    Center for Internet Security
    We implement relevant CIS Critical Security Controls including secure configuration, data protection, and network monitoring.
    ISO 27001
    Information Security Management
    Our logging and monitoring practices align with ISO 27001 Annex A requirements for security event logging and incident management.
    NIST Cybersecurity Framework
    National Institute of Standards and Technology
    Our security architecture follows NIST CSF core functions: Identify, Protect, Detect, Respond, and Recover.

    Report a Security Issue

    If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform and users safe.

    Contact us through our contact form with the subject line "Security Report" and we will respond within 48 hours.