| Version | Supported |
|---------|-----------|
| 1.0.x   | ✅        |
| < 1.0   | ❌        |
Ticketfy implements several security measures to protect your data:
- JWT-based authentication
- Role-based access control (RBAC)
- Session management
- Password hashing using bcrypt
- Two-factor authentication (2FA) support
- Automatic session timeout
- HTTPS/TLS encryption for all communications
- Input sanitization to prevent XSS attacks
- CSRF token protection
- SQL injection prevention
- File upload validation and scanning
- Data encryption at rest
- Regular security updates
- Automated vulnerability scanning
- Rate limiting
- IP blocking for suspicious activities
- Audit logging
- Backup and recovery procedures
We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:
- DO NOT disclose the vulnerability publicly
- Email us at [email protected] with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (if available)
In return, you can expect:
- Acknowledgment within 24 hours
- Regular updates on progress
- Credit for responsible disclosure
- Possible bounty rewards for critical issues
Response timeline:
- 0-24 hours: Initial acknowledgment
- 24-48 hours: Preliminary assessment
- 48-72 hours: Detailed investigation
- 3-7 days: Fix development and testing
- 7-14 days: Patch release and disclosure
Password requirements:
- Minimum 12 characters
- Mix of uppercase and lowercase letters
- At least one number and special character
- No common dictionary words
- No personal information
Recommended practices for users:
- Use unique passwords for each account
- Enable 2FA when available
- Regular password rotation
- Immediate reporting of suspicious activities
- Logout from unused sessions
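The password requirements listed above can be enforced server-side before a credential is ever hashed. The following checker is an added example written for this page, not code from the Ticketfy project; the rule names, the small `COMMON_WORDS` set (a stand-in for a real dictionary or breached-password list) and the symbol-substitution table are assumptions. It returns the list of rules a candidate password violates, so the caller can show the user every problem at once rather than one at a time.

```python
import re

MIN_LENGTH = 12  # from the policy

# Constructed stand-in for a real dictionary / breached-password list (assumption).
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "ticket", "summer", "admin"}

# Undo common letter-for-symbol substitutions before the dictionary check,
# so "p@ssw0rd" is still recognised as "password".
_LEET = str.maketrans("@$013!", "asolei")


def check_password(password, personal_info=()):
    """Return the names of the policy rules the password violates (empty list = compliant).

    personal_info: strings the account holder supplied (name, username, birth year, ...)
    that must not appear in the password.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("min_length")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):
        failures.append("mixed_case")
    if not re.search(r"\d", password):
        failures.append("number")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("special_char")

    lowered = password.lower()
    normalized = lowered.translate(_LEET)
    # "No common dictionary words": a listed word anywhere in the (de-leeted) password fails.
    if any(word in normalized for word in COMMON_WORDS):
        failures.append("dictionary_word")
    # "No personal information": anything the user told us about themselves must not appear.
    for item in personal_info:
        item = str(item).lower()
        # Ignore very short fragments (e.g. a 2-letter initial) that would match almost anything.
        if len(item) >= 3 and (item in lowered or item in normalized):
            failures.append("personal_info")
            break
    return failures


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, info in [
        ("p@ssw0rd2024!", ()),
        ("Alice1990!xyzAB", ("Alice", "1990")),
        ("Tr0ub4dor&3Horse", ("alice", "1990")),
    ]:
        print(candidate, "->", check_password(candidate, info) or "ok")
```

The dictionary check runs on a normalised copy of the password, so that replacing letters with look-alike symbols does not let a banned word through; the length, case, digit and special-character rules run on the original string so the substituted characters still count toward those requirements.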
File upload restrictions:
- Maximum file size: 10MB
- Allowed file types:
  - Images: .jpg, .png, .gif
  - Documents: .pdf, .doc, .docx
  - Archives: .zip (scanned for malware)
- No executable files (.exe, .bat, etc.)
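The upload rules above translate into a validator that checks size, an extension allow-list, a double-extension check for executables, and the file's leading bytes, so that a renamed binary cannot pass as an image. This is an added example for this page, not the project's own upload code; the set of executable extensions beyond `.exe` and `.bat`, the magic-number table (standard file signatures) and the unpacked-size cap for archives are assumptions. Archives are accepted only provisionally and flagged for the malware scan the policy mentions; the scanner itself is out of scope here.

```python
import io
import os
import zipfile
from collections import namedtuple

MAX_FILE_SIZE = 10 * 1024 * 1024  # 10MB limit from the policy

# Extension allow-list, grouped as the policy lists them; anything else is rejected.
ALLOWED_EXTENSIONS = {
    "image": {".jpg", ".png", ".gif"},
    "document": {".pdf", ".doc", ".docx"},
    "archive": {".zip"},
}

# Checked on every dotted component, so "invoice.pdf.exe" is rejected outright.
# The policy names ".exe, .bat, etc."; the rest of this set is an assumption.
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".msi", ".scr", ".ps1", ".sh", ".js"}

# Leading bytes each allowed type must start with (standard signatures, assumed here),
# so a renamed executable cannot pass as a picture.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".docx": (b"PK\x03\x04",),                         # OOXML is a zip container
    ".zip": (b"PK\x03\x04",),
}

# Assumed cap on what a zip may expand to, so an archive bomb is refused before any scanner runs.
MAX_UNPACKED_SIZE = 10 * MAX_FILE_SIZE

UploadResult = namedtuple("UploadResult", "accepted reason needs_malware_scan safe_name")


def validate_upload(filename, data):
    """Apply the policy's upload rules to one file; returns an UploadResult."""
    # Drop any client-supplied directory part (".." or absolute paths) and keep the base name.
    name = os.path.basename(filename.replace("\\", "/")).strip()
    if not name or name in (".", "..") or "\x00" in name:
        return UploadResult(False, "invalid filename", False, None)
    if len(data) == 0:
        return UploadResult(False, "empty file", False, name)
    if len(data) > MAX_FILE_SIZE:
        return UploadResult(False, "file exceeds the 10MB limit", False, name)

    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return UploadResult(False, "missing file extension", False, name)
    exts = ["." + p for p in parts[1:]]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return UploadResult(False, "executable file types are not accepted", False, name)

    ext = exts[-1]
    category = next((c for c, s in ALLOWED_EXTENSIONS.items() if ext in s), None)
    if category is None:
        return UploadResult(False, f"file type {ext} is not allowed", False, name)
    if not any(data.startswith(m) for m in MAGIC[ext]):
        return UploadResult(False, f"content does not match the {ext} signature", False, name)

    needs_scan = category == "archive"
    if needs_scan:
        # Structural pre-check before handing the archive to the malware scanner.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                unpacked = sum(info.file_size for info in zf.infolist())
        except zipfile.BadZipFile:
            return UploadResult(False, "corrupt zip archive", False, name)
        if unpacked > MAX_UNPACKED_SIZE:
            return UploadResult(False, "archive expands beyond the allowed size", False, name)
    return UploadResult(True, "accepted", needs_scan, name)


def build_sample_zip():
    """Constructed sample archive (one small text member) used for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", "constructed sample content\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample uploads.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),        # valid header: accepted
        ("photo.png", b"MZ\x90\x00" + b"\x00" * 64),                # PE header renamed: rejected
        ("invoice.pdf.exe", b"%PDF-1.4\n"),                        # double extension: rejected
        ("../../etc/passwd.jpg", b"\xff\xd8\xff" + b"\x00" * 64),  # path stripped: accepted as passwd.jpg
        ("report.zip", build_sample_zip()),                        # accepted, flagged for scanning
    ]
    for fname, blob in samples:
        print(fname, "->", validate_upload(fname, blob))
```

The extension check decides the category, but the signature check decides whether the bytes are what the name claims; both have to agree. The returned `safe_name` is the base name only, so the caller never writes to a path the client chose.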
Development and deployment practices:
- Regular dependency updates
- Code review requirements
- Static code analysis
- Security-focused testing
- Secure coding practices
- Signed commits
- Protected main branch
- Regular security audits
- No sensitive data in repositories
- Automated security scanning
- Dependency vulnerability checks
- Container security scanning
- Secure deployment procedures
Ticketfy is designed to help organizations comply with:
- GDPR
- CCPA
- HIPAA (with additional configuration)
- SOC 2
- ISO 27001
For security-related inquiries:
- Email: [email protected]
This security policy is reviewed and updated quarterly. Last update: March 2024