sBizzl Security

Application Security

In-transit Encryption

Sessions between you and your portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.

TLS for sBizzl hosted sites

TLS is enabled by default on sBizzl hosted websites. You can also select the versions of TLS that are available to your site’s visitors. Please see our "Connect your domain" and "SSL and domain security" pages for more detail.

Web Application and network firewalls

sBizzl monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the sBizzl platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.

Software development lifecycle (SDLC) Security

sBizzl implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.

Datacenter Protections

Software Security

Patch management

sBizzl’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

Security incident response

sBizzl’s security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Vulnerability assessment

sBizzl tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.

Penetration testing

sBizzl uses third-party penetration testing firms several times a year to test the sBizzl products and product infrastructure.

Physical security

sBizzl products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.