# Industry Standards

We’ve built our app’s security from the ground up following the industry standards of OWASP (Open Web Application Security Project). They act as a seal of trust, instilling confidence and ensuring a safe, seamless user experience. ivault users also have complete control over their assets and data through a non-custodial wallet. Together, this guarantees maximum security for our users and shows our commitment to protecting each and every one of them.

How ivault follows OWASP standards:

* **Cryptographic standards** secure user data – including private keys for non-custodial wallets – so it can’t be read or manipulated if intercepted.
* **Insecure Direct Object References (IDOR) prevention** validates, filters and cleans all data inputs to prevent unauthorized access of user wallets and other resources.
* **Secure authentication and session management** prevents unauthorized access.
* **Cross-Site Scripting (XSS) and injection attack protection** validates and cleans all data inputs and outputs to prevent attacks, such as stealing user keys or other sensitive information.
* **Secure and up-to-date configuration** of our servers, databases, and other systems minimizes the risk of a security breach.
* **Regular vulnerability checks and updates** of our third-party libraries, frameworks, and components mitigate any potential security risks.
* **Avoiding unnecessary redirects and forwards** – or validating them – helps to prevent phishing attacks.

We also have extra security measures for our non-custodial wallets:

* **Secure key storage**: Users’ private keys are encrypted and securely stored on their device – not on our servers.
* **Biometric authentication**: Optional fingerprint or face recognition for accessing the wallet.
* **Backup and recovery**: Users can recover their assets if they lose access to their device.


