We protect your information from security threats using:
Firewalls: We use CloudFlare's Web Application Firewall in front of all page and API
Strong authorisation and authentication: We use
rotating and securely stored API keys to connect to data stores,
multi-factor authentication for all administrative access, strong user
passwords and cryptographically random account access tokens.
Supply-chain validation: We run GitHub's Dependabot on all of our
source code to detect vulnerable dependencies, and we update all
identified vulnerable packages (or implement a mitigation where an
update is unavailable) within 72 hours of being alerted.
Secure software development: We develop software
securely, including scanning all our source code with SonarCloud, following the OWASP Top 10, using mature web application
frameworks, running a high level of automated testing coverage and
including security-focussed test cases as core business practice. We
patch any identified vulnerabilities within 24 hours of their
Backups: We store daily shapshot backups of all
customer data in both online and offline locations, transferring them
only over encrypted connections, and regularly testing our restoration
Special note regarding CVE-2021-33026
CVE-2021-33026 is a CVE lodged against all current
versions of the Flask-Caching Python package, which
dnstwister uses. No patch is currently available for this
package. We have assessed both the vulnerability and our use of this
package and can confirm dnstwister is not vulnerable to
the issues outlined in this CVE.
We handle your information as outlined in our Privacy
Statement and store only the absolute minimum information about our
customers needed to facilitate the running of our service.
Software Bill Of Materials (SBOM)
dnstwister relies on a number of open source software
dependencies. For the purposes of improved security and transparency for
our customers, we are publishing that list here in CycloneDX