Industry Standards
We’ve built our app’s security from the ground up following the industry standards of OWASP (Open Web Application Security Project). They act as a seal of trust, instilling confidence and ensuring a safe, seamless user experience. ivault users also have complete control over their assets and data through a non-custodial wallet. Together, this guarantees maximum security for our users and shows our commitment to protecting each and every one of them.
How ivault follows OWASP standards:
Cryptographic standards secure user data – including private keys for non-custodial wallets – so it can’t be read or manipulated if intercepted.
Insecure Direct Object References (IDOR) prevention validates, filters and cleans all data inputs to prevent unauthorized access of user wallets and other resources.
Secure authentication and session management prevents unauthorized access.
Protection against Cross-Site Scripting (XSS) and injection attacks validates and cleans all data inputs and outputs to prevent attacks such as the theft of user keys or other sensitive information.
Secure and up-to-date configuration of our servers, databases, and other systems minimizes the risk of a security breach.
Regular vulnerability checks and updates of our third-party libraries, frameworks, and components mitigate any potential security risks.
Avoiding unnecessary redirects and forwards – or validating them – helps to prevent phishing attacks.
We also have extra security measures for our non-custodial wallets:
Secure key storage: Users’ private keys are encrypted and securely stored on their device – not on our servers.
Biometric authentication: Optional fingerprint or face recognition for accessing the wallet.
Backup and recovery: Users can recover their assets if they lose access to their device.