Security & Trust

Security is at the core of everything we do. As a cybersecurity platform, we hold ourselves to the highest standards to protect your data and ensure the integrity of your vulnerability assessments.

Authentication & Access Control

Enterprise-grade authentication mechanisms to protect your account and data

JWT-Based Authentication

We use JSON Web Tokens (JWT) with secure refresh token rotation for session management. Tokens are cryptographically signed and carry short expiration times, so a stolen token stays usable only briefly.

bcrypt Password Hashing

All passwords are hashed using bcrypt with an appropriate cost factor before storage. We never store plaintext passwords, and bcrypt's tunable work factor keeps brute-force attacks expensive even as hardware gets faster.

Multi-Factor Authentication

Optional TOTP-based multi-factor authentication adds an extra layer of security. Generate codes with your preferred authenticator app, and use backup codes for account recovery.

Rate Limiting & CSRF Protection

Built-in rate limiting protects against brute-force and denial-of-service attacks. CSRF protection headers prevent cross-site request forgery attacks on authenticated sessions.

Data Protection

Your vulnerability data is sensitive; we treat it with the utmost care

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites. We enforce HTTPS across our entire platform with HSTS headers.

Secure Cloud Infrastructure

Our platform is hosted on AWS with industry-leading security practices. We leverage AWS security groups, VPCs, and encryption services to protect your data at rest and in transit.

Web Application Firewall

Cloudflare's WAF protects our platform against common web attacks including SQL injection, XSS, and other OWASP Top 10 threats. Malicious requests are blocked before reaching our servers.

DDoS Protection

Enterprise-grade DDoS mitigation through Cloudflare's global network absorbs and filters volumetric attacks, ensuring platform availability even during large-scale attack attempts.

Bot Protection

Advanced bot management detects and blocks malicious automated traffic while allowing legitimate users and APIs. Turnstile CAPTCHA provides friction-free human verification during registration.

Audit Logging

Comprehensive audit logs track all significant actions within your organization. Monitor user activity, configuration changes, and security events for compliance and forensic analysis.

Data Isolation

Each organization's data is logically isolated with strict access controls. Your vulnerability findings, targets, and scan results are never accessible to other customers.

Continuous Security

We continuously improve our security posture through testing and monitoring

As a vulnerability scanning platform, we understand the importance of practicing what we preach. Our security program includes:

  • Regular security assessments of our own infrastructure and application
  • Dependency scanning and timely patching of known vulnerabilities
  • Secure development practices with code review requirements
  • Continuous monitoring for suspicious activity and anomalies
  • Incident response procedures for rapid threat mitigation
  • Regular backups with tested recovery procedures

Security Questions or Concerns?

We take security seriously. If you have questions about our security practices or want to report a vulnerability, please get in touch.

Contact Us

Start Securing Your Applications

Join organizations that trust Luna to identify vulnerabilities before attackers do.

Start Your Free Trial