Security & Trust

Security is at the core of everything we do. As a cybersecurity platform, we hold ourselves to the highest standards to protect your data and ensure the integrity of your vulnerability assessments.

Authentication & Access Control

Enterprise-grade authentication mechanisms to protect your account and data

JWT-Based Authentication

JSON Web Tokens with secure refresh token rotation for session management. Cryptographically signed with automatic expiration.

bcrypt Password Hashing

All passwords are hashed with bcrypt using appropriate cost factors. No plaintext storage; the adaptive cost factor slows brute-force attacks.

Multi-Factor Authentication

Optional TOTP-based MFA with your preferred authenticator app and backup codes for account recovery.

Rate Limiting & CSRF Protection

Built-in rate limiting and CSRF protection headers prevent brute-force and cross-site request forgery attacks.

Data Protection

Your vulnerability data is sensitive — we treat it with the utmost care

Encryption in Transit

TLS 1.3 with strong cipher suites across the entire platform. HTTPS enforced with HSTS headers.

Secure Cloud Infrastructure

Hosted on AWS with security groups, VPCs, and encryption services to protect data at rest and in transit.

WAF & DDoS Protection

Cloudflare WAF blocks SQL injection, XSS, and other OWASP Top 10 threats. Enterprise-grade DDoS mitigation ensures availability.

Data Isolation & Audit Logging

Strict data isolation per organization. Comprehensive audit logs track all significant actions for compliance and forensic analysis.

Compliance & Certifications

Meeting the standards your organisation requires

CSA STAR Level 1

Self-assessed against the Cloud Security Alliance's Cloud Controls Matrix. Our CAIQ is published on the CSA STAR Registry.

OWASP Top 10 Mapping

Scan findings are mapped to OWASP Top 10 categories so your team can prioritise remediation against a well-understood risk framework.

Data Residency

All customer data is stored in AWS with encryption at rest and in transit. Strict data isolation between organisations with comprehensive audit logging.

We Practice What We Preach

As a vulnerability scanning platform, our security program includes:

  • Regular security assessments of our own infrastructure and application
  • Dependency scanning and timely patching of known vulnerabilities
  • Secure development practices with code review requirements
  • Continuous monitoring for suspicious activity and anomalies
  • Incident response procedures for rapid threat mitigation
  • Regular backups with tested recovery procedures

Report a Vulnerability

Found a security issue? We take every report seriously. Send details to security@lunatech.xyz and we'll acknowledge receipt within 2 business days.

We publish a security.txt file and maintain a full Vulnerability Disclosure Policy covering safe harbour protections, scope, and response timelines.

Start Securing Your Applications

Join organizations that trust Luna to identify vulnerabilities before attackers do.
