Security

Encryption

• At rest: AES-256 encryption for all stored data
• In transit: TLS 1.3 for all API and data transfer connections
• Key management: Keys managed via hardware security modules (HSMs)

Access Controls

• RBAC: Role-based access control with granular permissions
• MFA: Multi-factor authentication required for all accounts
• SSO: SAML 2.0 and OIDC support for enterprise SSO
• API Keys: Scoped API keys with expiration and rotation

Infrastructure Security

• Network: VPC isolation, WAF protection, DDoS mitigation
• Monitoring: 24/7 security monitoring with automated alerting
• Scanning: Continuous vulnerability scanning and annual penetration tests
• Backups: Encrypted backups with geographic redundancy

Compliance

API Key Best Practices

• Never hardcode API keys in source code
• Use environment variables or a secrets manager
• Rotate keys regularly (at least every 90 days)
• Use scoped keys with minimum required permissions
• Monitor API key usage for anomalous patterns

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@scriptnetwork.com. We respond to all reports within 24 hours.