Your sensitive IT data deserves enterprise-grade protection. We've built security into every layer of IT Folder, exceeding banking-industry standards.
Multi-layered security architecture designed to protect your most sensitive IT data.
AES-256 encryption for all data at rest. Each sensitive field is encrypted under its own dedicated data key, managed and rotated automatically (key management is through AWS KMS, as listed in the OWASP table below).
Multiple options including authenticator apps, passkeys, email codes, and recovery codes. Passkeys provide phishing-resistant authentication.
Enterprise SSO support plus login with Google, Microsoft, and GitHub. Centralize access control with your existing identity system.
Server-side sessions with automatic expiry. Short-lived access tokens and automatic logout. Maximum 5 concurrent sessions per user.
Industry-standard password hashing (PBKDF2, as listed in the OWASP table below) with additional layers of protection. Account lockout after 5 failed attempts stops online brute-force guessing against a single account; offline attacks on a stolen hash are bounded by the hash cost, not by the lockout.
Intelligent rate limiting on all operations. Custom limits on sensitive actions like login and password reset to prevent abuse.
Multiple layers of authentication to ensure only authorized users access your data.
Google Authenticator, Authy, and other authenticator apps
Passwordless authentication with biometrics or security keys
One-time codes sent to verified email addresses
Backup codes for account recovery
Single sign-on with your identity provider
5 failed attempts trigger a 30-minute lockout
Industry-standard HTTP security headers protect against common web vulnerabilities.
Content-Security-Policy: nonce-based (no 'unsafe-inline' in script-src)
Strict-Transport-Security: HSTS with preload
X-Frame-Options: DENY - prevents clickjacking
X-Content-Type-Options: nosniff - prevents MIME sniffing
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: the legacy browser XSS filter has been removed from current browsers and OWASP recommends sending 0 rather than enabling it, so this header adds no protection on its own; the nonce-based CSP above is the control that actually mitigates XSS
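The list above is easy to verify from outside: fetch any authenticated page and compare its response headers against the policy. The following checker is an added example written for this page, not code from IT Folder; the two header sets it runs on are constructed samples (one conforming, one with typical weaknesses), and the function and threshold names are hypothetical. It also encodes the caveat about X-XSS-Protection: a value other than 0 is reported as a finding.

```python
# Added example: audit a response's security headers against the policy listed above.
# Header sets below are constructed for illustration, not captured from any real host.

GOOD_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-d2ViZ2VuZXJhdGVk'; "
                               "object-src 'none'; base-uri 'self'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

BAD_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "unsafe-url",
    "X-XSS-Protection": "1; mode=block",
}

# hstspreload.org requires at least one year of max-age before a domain is accepted.
HSTS_MIN_MAX_AGE = 31536000


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _csp_directive(csp, name):
    """Return the source list of one CSP directive, or None if it is absent."""
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None


def check_security_headers(headers):
    """Return a list of findings; an empty list means the policy above is met."""
    findings = []

    csp = _get(headers, "Content-Security-Policy")
    if csp is None:
        findings.append("CSP missing")
    else:
        # script-src falls back to default-src when it is not set explicitly.
        script_src = _csp_directive(csp, "script-src") or _csp_directive(csp, "default-src") or []
        if not any(src.startswith("'nonce-") for src in script_src):
            findings.append("CSP script-src has no nonce")
        if "'unsafe-inline'" in script_src:
            findings.append("CSP script-src allows 'unsafe-inline'")

    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        directives = [d.strip().lower() for d in hsts.split(";")]
        max_age = next((int(d.split("=", 1)[1]) for d in directives if d.startswith("max-age=")), 0)
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append("HSTS max-age below one year (preload list requires >= 31536000)")
        if "includesubdomains" not in directives or "preload" not in directives:
            findings.append("HSTS lacks includeSubDomains and/or preload")

    if (_get(headers, "X-Frame-Options") or "").upper() != "DENY":
        findings.append("X-Frame-Options is not DENY")
    if (_get(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if (_get(headers, "Referrer-Policy") or "").lower() != "strict-origin-when-cross-origin":
        findings.append("Referrer-Policy is not strict-origin-when-cross-origin")

    # The legacy XSS auditor is gone from current browsers, and where it still runs
    # its filter mode can be abused; the safe values are "0" or no header at all.
    xss = _get(headers, "X-XSS-Protection")
    if xss is not None and xss.strip() != "0":
        findings.append("X-XSS-Protection should be '0' or omitted")

    return findings


if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_HEADERS), ("bad", BAD_HEADERS)):
        print(label, check_security_headers(hdrs) or "no findings")
```

To use this against a live deployment, feed it the header mapping from any HTTP client response; the checks are deliberately strict about the exact values listed on this page rather than accepting weaker variants such as SAMEORIGIN or a short HSTS max-age.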
IT Folder addresses every category of the OWASP Top 10:2025. The Top 10 is an awareness list rather than a certification, so the table below names the concrete control behind each category instead of claiming a certificate.
| Category | Risk | Status | Implementation |
|---|---|---|---|
| A01 | Broken Access Control | Pass | RBAC, tenant isolation, BOLA/IDOR tests, SSRF protection |
| A02 | Security Misconfiguration | Pass | CORS validated, security headers enforced, CSP with nonces |
| A03 | Software Supply Chain Failures | Pass | pip-audit, Grype/Syft SBOM, pinned dependencies |
| A04 | Cryptographic Failures | Pass | PBKDF2 with 100K iterations (below the 600K that OWASP currently recommends for PBKDF2-HMAC-SHA256), PyJWT, AWS KMS, TLS 1.3 |
| A05 | Injection | Pass | Semgrep + Bandit scans, parameterized queries, SQLAlchemy ORM |
| A06 | Insecure Design | Pass | Current password required for changes, admin reset with session revocation |
| A07 | Authentication Failures | Pass | MFA (TOTP/Passkey/Email), account lockout, rate limiting |
| A08 | Software or Data Integrity Failures | Pass | No pickle/eval usage, safe YAML loading, signed cookies |
| A09 | Security Logging and Alerting Failures | Pass | AuthLogger with security events, PII redaction |
| A10 | Mishandling of Exceptional Conditions | Pass | Sanitized error responses, no stack traces exposed |
IT Folder meets or exceeds security controls required by financial institutions.
| Security Control | Implementation | Status |
|---|---|---|
| Session Management | Redis-backed, server-side validation | Exceeds |
| CSRF Protection | Double Submit + Redis hash + Origin validation | Exceeds |
| Token Rotation | Automatic rotation with 60s grace period | Exceeds |
| Multi-Factor Auth | TOTP, Passkey, Email OTP, Recovery codes | Exceeds |
| Cookie Security | HMAC-SHA256 signed, HttpOnly, Secure | Meets |
| Session Fixation | New session ID on MFA promotion | Meets |
| Audit Logging | All auth events with PII redaction | Meets |
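The CSRF row in the table combines three checks: the token is submitted twice (cookie and form field), a server-side hash of the issued token is kept per session in Redis, and the request's Origin is validated. The code below is an added example of that three-layer check written for this page; it is not IT Folder's implementation. The allowed origin, the server secret, the function names and the in-memory dict standing in for Redis are all assumptions, and a real deployment would store the hash in a Redis key with the session's TTL.

```python
# Added example: double-submit CSRF token bound to a server-side hash, plus Origin validation.
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed deployment values; in practice these come from configuration and a secrets manager.
ALLOWED_ORIGINS = {"https://app.example.com"}
SERVER_SECRET = b"rotate-me-from-a-secrets-manager"

# Stand-in for Redis: session id -> HMAC of the CSRF token issued to that session.
_csrf_store: dict[str, str] = {}


def _token_hash(token: str) -> str:
    """Keyed hash of the token; only the hash is stored, so a leaked store cannot forge tokens."""
    return hmac.new(SERVER_SECRET, token.encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Issue a fresh token for a session; the caller sets it as a cookie and embeds it in forms."""
    token = secrets.token_urlsafe(32)
    _csrf_store[session_id] = _token_hash(token)
    return token


def validate_csrf(session_id: str, headers: dict, cookie_token: str, form_token: str) -> tuple[bool, str]:
    """Validate a state-changing request. Returns (accepted, reason)."""
    # 1. Origin validation. Browsers send Origin on cross-origin POSTs; fall back to
    #    Referer for same-origin requests that omit it, and reject if neither is present.
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer:
            parts = urlsplit(referer)
            origin = f"{parts.scheme}://{parts.netloc}"
    if origin not in ALLOWED_ORIGINS:
        return False, "origin not allowed"

    # 2. Double submit: the cookie value and the form/header value must match.
    #    compare_digest keeps the comparison constant-time.
    if not cookie_token or not form_token or not hmac.compare_digest(cookie_token, form_token):
        return False, "cookie/form token mismatch"

    # 3. Server-side hash: the token must be one this server issued for this session.
    #    Without this step an attacker who can plant a cookie (for example from a
    #    sibling subdomain) passes the double-submit check with a token of their choosing.
    expected = _csrf_store.get(session_id)
    if expected is None or not hmac.compare_digest(expected, _token_hash(form_token)):
        return False, "token not issued for this session"

    return True, "ok"


if __name__ == "__main__":
    tok = issue_csrf_token("sess-1")
    print(validate_csrf("sess-1", {"Origin": "https://app.example.com"}, tok, tok))
    print(validate_csrf("sess-1", {"Origin": "https://evil.example"}, tok, tok))
    print(validate_csrf("sess-1", {"Origin": "https://app.example.com"}, "planted", "planted"))
```

The ordering matters: the Origin check is cheapest and rejects the classic cross-site form post outright, the double-submit check catches a forged request that carries no token, and the stored hash closes the cookie-planting gap that a plain double-submit scheme leaves open.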
GDPR-compliant data handling with privacy-first architecture.
No fingerprinting, masked IPs. We collect only what's necessary for the service.
All data stored in secure US West Coast data centers with Amazon Aurora replication.
Comprehensive security event logging with automatic PII redaction.
Every tenant gets isolated, encrypted storage with enterprise-grade backup and recovery.
Each tenant has their own encrypted S3 bucket for documents and files.
Continuous replication across multiple Availability Zones.
Automated daily snapshots with point-in-time recovery.
All data encrypted in transit with TLS 1.3, the current TLS version.
We continuously test our security with industry-standard tools:
Semgrep static analysis with 13 custom rules
Bandit, the Python security linter
pip-audit dependency vulnerability scanning
Grype/Syft container and SBOM scanning
Start your 14-day free trial and experience enterprise-grade security.