Skip to main content

Athento Security Policy

Soporte L1
  • Updated

Vulnerability prevention

For the prevention of vulnerabilities, Athento takes the following measures:

  • Secure Code
  • Security Measures of the Datacenters used
  • Hardening measures
  • Antivirus Policy
  • Automated ethical hacking tests: Athento uses tools such as Detectify that perform automated security tests on the application and databases and scan assets for vulnerabilities, including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfigurations. 
  • Bug Bounty Program: Athento actively recruits ethical hackers to discover software vulnerabilities.
  • Enterprise customer penetration testing: Customers on Enterprise plans can request scheduled ethical attacks for their security teams to verify that Athento complies with the main security standards in the market. 

Risk Assessment

Athento has a self-assessment report in accordance with the Cloud Security Alliance. This report is reviewed annually. This report is only available to Athento's enterprise customers after signing an NDA.

Procedure for possible vulnerabilities

When a potential security problem is detected, Athento will take the following steps to address the issue:

  1. Assess the scope and severity of the problem.
  2. Perform a product upgrade as soon as possible that resolves the potential risk.
  3. Once the known vulnerability is detected, we will inform our customers about the update.

Security Notifications

Our team's priority is to resolve any vulnerability in the service as soon as possible. As soon as these are detected, they will be published in the Release Notes of the version with the vulnerability.

Once the potential vulnerability has been fixed, we will issue an email notification notifying customers that the vulnerability has been resolved and details on its resolution.

The email will be sent to all authorized support contacts.

In case of possible data loss, affected customers will be notified immediately, and they will be notified of the measures to be taken to resolve their situation.


Notification Severity Level

The notifications will also indicate the severity of the vulnerability resolved. The vulnerability levels are described below.

Gravity
Description
Blocker

These types of vulnerabilities can compromise the system in any of the following ways:

  • Compromise of data hosted in the cloud
  • Server compromise in production
  • There is a risk of denial of service attack (legitimate users are prevented from accessing the system due to an attack).
Critical Some of the above vulnerabilities have been detected but only at the level of the reporting customer.
Mayor All vulnerabilities that do not meet the characteristics of the two previous categories are grouped under this severity category.

How to Report Potential Vulnerabilities 

Any incident or vulnerability detected should be reported immediately through the contact mechanisms of our support service.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.