Fuzzbuzz Security Policy

Report a Security Issue

Data Center & Network Security

Fuzzbuzz hosts its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 13, and ISO 27001. See Amazon's compliance and security documents for more detailed information.

Fuzzing workloads are distributed across a multi-cloud network of virtual machines, which are hosted by Amazon Web Services, Google Cloud Services, or Digital Ocean. Their respective security and compliance documents can be viewed here:

All of Fuzzbuzz's servers are located within Fuzzbuzz's own virtual private cloud, and don't allow external connections from untrusted sources. Our software infrastructure is updated regularly with the latest security patches.

Data Security

All connections to Fuzzbuzz are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS.

All customer data is encrypted in transit with either TLS or HTTPS, and sensitive data such as deploy keys for source control tools is encrypted at rest.

Fuzzbuzz login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in Fuzzbuzz's database.

All billing information, including credit card numbers and addresses, are processed by Stripe, and never touch our servers at all. View Stripe's Security Policy for more information.

Source Code Security

Communication with your VCS to access source code is always encrypted over the wire using SSH and/or HTTPS.

Fuzzbuzz runs all builds and fuzzing jobs in isolated, single-tenant virtual machines that are destroyed when they are no longer in use.

Source code is always encrypted via TLS and SSH in transit. Source code pulled from version control systems is deleted as soon as it is no longer needed, and is never backed up. Source code uploaded to Fuzzbuzz via a zip file is encrypted at rest.

Have a security concern about Fuzzbuzz?

Please let us know if you have found a vulnerability in Fuzzbuzz, or if you have any concerns, by sending us an email at security@fuzzbuzz.io.