Get a free scan of your site
weakless uses crowdsourcing techniques to harness real-time data from our customers to better understand the global attack landscape and improve your web application security.
Our security team performs penetration testing using the weakless algorithm® to find security vulnerabilities and possible threats.
We analyze user behavior on your website, and when we find anomalies, our algorithm processes the activity and detects possible threats.
Our notification system will make sure that you know if something goes wrong, so you can take immediate action.
weakless employees must pass a criminal background check as part of the hiring process. We use separate passwords and two-factor authentication with each device and service. Employees are required to encrypt their hard drives, utilize strong passwords, and enable screen locking.
We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks. We rate limit a variety of actions on the site (login attempts, etc.). We whitelist attributes on all models to prevent mass-assignment vulnerabilities.
We hash passwords stored in the database (using bcrypt with a cost factor of 10). We check for strong passwords on account creation and password reset. Application credentials are kept separate from the database and code base.