# Security ## Web Security GMetri goes through stringent VAPT (Vulnerability and Penetration Testing) to ensure its Security is up to the mark. This follows a well-documented security testing procedure that covers all major security standards around the globe including OWASP, SANS, CERT, PCI and ISO27001. Apart from this GMetri also allows SAML based SSO, along with [many others](/metaverse/publishing/authentication.md), to be integrated with the Metaverse experiences, adding an additional layer of security. ## Encryption ### Data Encryption in Transit Encryption in transit protects the data if communication is intercepted while the data moves between the consumer and the service provider. #### Forced Redirect All GMetri endpoints have a forced redirect to https\:// protocol, ensuring all data in transit remains protected. #### Authenticated Endpoints All non-public endpoints are authenticated and authorized using JWT tokens sent in request headers. #### SSL Protocol GMetri uses a TLS 1.2 certificate with a RSA 2048 bits key for its SSL encryption. ### Data Encryption at Rest This policy lists the measures taken against the usability of the data in the case of a data breach. Data encryption at rest ensures that the data is unusable in such a case. #### Encryption for data in S3 All data stored in S3 is encrypted at rest using the AES-256 algorithm using SSE-S3 keys as described here: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.gmetri.com/platform/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.