Vinta's Playbook

Plans and practices


Security

Security is no easy topic to talk about. There are many ways to exploit vulnerabilities in a website. To address that, we follow security guidelines and use well-known, tested tools to reduce risk. Although writing code that is robust and tested against vulnerabilities is essential for secure applications, social engineering is often the weakest link in the chain. For that reason, we enforce tools and practices that tackle this kind of problem.

2-factor Authentication

From servers to email, wherever possible we require the use of 2-factor auth.

Password Managers

Every password should be generated randomly and managed by a tool. Humans are not good at either of these tasks. Everyone on the team is required to create and store passwords using LastPass.

Encrypting Sensitive Messages

Every once in a while it's necessary to transfer security-sensitive information, such as passwords, to clients. Use GPG to encrypt that kind of information before sending it through insecure channels (a.k.a. any non-physical medium).

Linux Users. We recommend GPA, a graphical interface for GnuPG. Follow this tutorial to install and learn the basics.

Mac Users. PGP tools is easy to install and use.


This work is licensed under a Creative Commons License.