Security Practices

Last Updated: Sep 08 2022

Data Security

BuyTheSell encrypts data at rest and in transit for all our customers using the industry standard encryption methodology. All encryption keys are securely store using Azure Key Vault

Application Security

BuyTheSell regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the running application and deployed environments. They follow OWASP Testing Guide v4 methodology. All vulnerabilities are rated according to the Common Vulnerabilities and Exposures (CVE) system.

BuyTheSell also uses the following automated tools to scan our code base:

• Secrets Scanner
• Dependency Vulnerabilities
• Static Code Analyzers

These tools are integrated into every step of the development process to ensure we are securing our product.

Infrastructure Security

BuyTheSell uses Microsoft Azure to host our application. We make full use of the security products embedded within the Azure ecosystem, including Azure Monitor, Workload Protectoin and Microsoft Defender for Cloud.

In addition, we deploy our application using containers run on Azure App Services, meaning we do not manage and VM instances in production.