Industry Standards

We’ve built our app’s security from the ground up following the industry standards of OWASP (Open Web Application Security Project). They act as a seal of trust, instilling confidence and ensuring a safe, seamless user experience. ivault users also have complete control over their assets and data through a non-custodial wallet. Together, this guarantees maximum security for our users and shows our commitment to protecting each and every one of them.

How ivault follows OWASP standards:

  • Cryptographic standards secure user data – including private keys for non-custodial wallets – so it can’t be read or manipulated if intercepted.

  • Insecure Direct Object References (IDOR) prevention validates, filters and cleans all data inputs to prevent unauthorized access to user wallets and other resources.

  • Secure authentication and session management prevents unauthorized access.

  • Protection against Cross-Site Scripting (XSS) and injection attacks validates and cleans all data inputs and outputs to prevent attacks, such as stealing user keys or other sensitive information.

  • Secure and up-to-date configuration of our servers, databases, and other systems minimizes the risk of a security breach.

  • Regular vulnerability checks and updates of our third-party libraries, frameworks, and components mitigate any potential security risks.

  • Avoiding unnecessary redirects and forwards – or validating them – helps to prevent phishing attacks.

We also have extra security measures for our non-custodial wallets:

  • Secure key storage: Users’ private keys are encrypted and securely stored on their device – not on our servers.

  • Biometric authentication: Optional fingerprint or face recognition for accessing the wallet.

  • Backup and recovery: Users can recover their assets if they lose access to their device.