Security

Web Security

GMetri goes through stringent VAPT (Vulnerability and Penetration Testing) to ensure its Security is up to the mark.

This follows a well-documented security testing procedure that covers all major security standards around the globe including OWASP, SANS, CERT, PCI and ISO27001.

Apart from this GMetri also allows SAML based SSO, along with many others, to be integrated with the Metaverse experiences, adding an additional layer of security.

Encryption

Data Encryption in Transit

Encryption in transit protects the data if communication is intercepted while the data moves between the consumer and the service provider.

Forced Redirect

All GMetri endpoints have a forced redirect to https:// protocol, ensuring all data in transit remains protected.

Authenticated Endpoints

All non-public endpoints are authenticated and authorized using JWT tokens sent in request headers.

SSL Protocol

GMetri uses a TLS 1.2 certificate with a RSA 2048 bits key for its SSL encryption.

Data Encryption at Rest

This policy lists the measures taken against the usability of the data in the case of a data breach. Data encryption at rest ensures that the data is unusable in such a case.

Encryption for data in S3

All data stored in S3 is encrypted at rest using the AES-256 algorithm using SSE-S3 keys as described here: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html