BETA Test Server Security

At audad, the security and confidentiality of your data is our highest priority. This document outlines the fundamental, layered security architecture we have deployed to protect your sensitive information.

Our approach is characterized by isolation, strict access control, reduced exposure time, and proactive, continuous validation of our systems.

Infrastructure Security with Hetzner

Our application is hosted on dedicated infrastructure with Hetzner, a Germany-based data center provider. We chose Hetzner for several key reasons: they maintain high physical security standards and operate under strict German and European data privacy laws. Furthermore, Hetzner’s hardware reliability and network stability minimize the risk of hardware-related breaches, and the hosting environment is consistently protected by enterprise-grade infrastructure.

Single-tenant environment

Unlike multi-tenant environments where multiple clients share the same underlying compute resources, your instance is logically and physically isolated. This architecture prevents the risk of data leakage or unauthorized access that can occur in shared environments, ensuring a strong, customized, and dedicated security perimeter around your information.

Access with IP Whitelisting

To ensure only authorized users and devices ever interact with your data, we employ strict IP Whitelisting. This means we will configure the server to only accept connections from a pre-approved list of IP addresses (e.g., your office network or specific remote access points). Any connection attempt originating from an unlisted IP address—even with the correct credentials—will be automatically and instantly blocked at the network level. This powerful, foundational measure drastically reduces our exposure to unauthorized access, giving you maximum control over your data’s perimeter.

Scheduled Uptime

To offer the utmost protection for the data you upload, we employ a security measure called Scheduled Uptime. Your dedicated BETA server will only be operational during specific business hours. Outside of this window, the server is automatically powered down. This significantly reduces the window of opportunity for attackers, ensuring your critical policies and standards are safe and inaccessible when not in active use.
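
One way to continuously validate the IP Whitelisting and Scheduled Uptime controls described above is to audit connection logs for accepted connections that either control should have prevented. The script below is an added example, not audad's own tooling or configuration; the allowlisted networks, the business hours, and the log format are all assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, time

# Assumed values for illustration; the page does not publish its allowlist or hours.
ALLOWLIST = [ipaddress.ip_network(n) for n in
             ("203.0.113.0/24", "198.51.100.7/32", "2001:db8:10::/48")]
OPEN, CLOSE = time(8, 0), time(18, 0)   # assumed business hours, server local time
WORKDAYS = range(5)                     # Monday..Friday

def normalise(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr.strip())
    return getattr(ip, "ipv4_mapped", None) or ip

def is_allowlisted(addr):
    """Default deny: unparsable input or an address outside every network fails."""
    try:
        ip = normalise(addr)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in ALLOWLIST)

def audit(lines):
    """Return (line, reason) for each accepted connection that breaks a control."""
    findings = []
    for line in lines:
        stamp, src, action = line.split()
        if action != "ACCEPT":
            continue  # dropped connections are the controls working as intended
        ts = datetime.fromisoformat(stamp)
        if not is_allowlisted(src):
            findings.append((line, "source not on allowlist"))
        elif ts.weekday() not in WORKDAYS or not (OPEN <= ts.time() < CLOSE):
            findings.append((line, "accepted outside scheduled uptime"))
    return findings

# Constructed sample log: "<ISO timestamp> <source IP> <ACCEPT|DROP>"
SAMPLE_LOG = [
    "2025-03-03T09:15:00 203.0.113.20 ACCEPT",
    "2025-03-03T09:16:00 192.0.2.44 DROP",
    "2025-03-03T10:02:00 ::ffff:198.51.100.7 ACCEPT",
    "2025-03-03T11:30:00 192.0.2.44 ACCEPT",
    "2025-03-03T23:40:00 203.0.113.20 ACCEPT",
    "2025-03-08T10:00:00 2001:db8:10::5 ACCEPT",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Any finding means a control did not hold: either the network filter let an unlisted source through, or the server was reachable when it should have been powered down.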

Security Assessment

audad has undergone rigorous security validation utilizing industry-standard tooling that incorporates two primary testing paradigms: Static and Dynamic Analysis.

Static Application Security Testing (SAST)

SAST is a proactive measure that involves analyzing the application’s source code without executing the program.

It functions as an automated code audit, meticulously examining the structure and syntax for common security defects, such as hardcoded credentials or insecure function calls, directly within the development files.

By identifying flaws at the source code level, the test ensures that the fundamental security architecture and design of the application are sound and that risks are mitigated early in the Software Development Life Cycle (SDLC). The test validates that the code’s “blueprints” adhere to established security coding standards.

Dynamic Application Security Testing (DAST)

DAST is a reactive assessment conducted against the running application in a live environment. The test simulates a controlled, adversarial attack by sending malicious or non-standard data inputs to all live endpoints (URLs). It evaluates the application’s response to unauthorized access attempts, injection vectors, and configuration weaknesses.

This process validates the application’s runtime resilience and access control mechanisms. It confirms that vulnerabilities, such as unauthenticated access to sensitive data or the successful exploitation of injection flaws, are prevented under operational load. It verifies that the application is adequately secured when interacting with external systems and users.

This combined approach ensures that potential security vulnerabilities are addressed both at the code foundation (SAST) and within the operational environment (DAST), resulting in a higher confidence level regarding the application’s overall integrity and confidentiality.

Secure Communication with TLS 1.2/1.3

Encryption of data in transit is enforced using industry-standard protocols, specifically Transport Layer Security (TLS) 1.2/1.3, which makes it virtually impossible for eavesdroppers or unauthorized parties to read or intercept the information during transmission.

Infrastructure-Level Encryption

To provide a robust security baseline, we ensure your documents and proprietary information are protected by Infrastructure-Level Encryption. This means that every piece of data you upload is automatically encrypted using industry-standard algorithms the moment it is written to the physical storage drives within our data center. This layer of security is managed by the infrastructure itself, providing protection before the application even handles the files. Should a storage device ever be physically accessed or removed, the raw data on it remains scrambled and unreadable without the specific decryption key, making the confidentiality of your documentation absolute.

Should you have further questions, do not hesitate to contact us.
