Security of the code, product, and human resources is one of our top priorities. We develop Abaris and Abaris Multi-Vendor to be compliant with industry data protection standards such as PCI DSS and GDPR.
We care about the security of the product and implement functionality that protects your store or marketplace from unauthorized access and data breaches. When you build your eCommerce website on Abaris, you can be sure your customers’ and your own data is safe.
PCI is a set of strict security standards relating to storage, processing, or transaction of credit card data, developed by the leading payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The standard was created to increase controls around cardholder data to reduce credit card fraud. Abaris meets PCI DSS requirements.
The General Data Protection Regulation’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR also regulates the transfer of personal data outside the EU and EEA areas. Abaris is GDPR-compliant out of the box.
Code security and protection from unauthorized access and attacks. This is what Abaris is about. We built special procedures and coding techniques into the development process, and security measures into the product itself, to make the platform super safe.
Abaris doesn’t store passwords, only password hashes. All the sensitive data is encrypted.
If the core files of your Abaris installation are modified, you will immediately know about that.
You can set a custom admin panel web address so that only you and your staff know it. That greatly reduces the risk of penetration.
You can set the minimum password length and how long a password stays valid. Once the password expires, it has to be reset.
The logging system will tell you if there were any brute force attempts.
Every session is assigned to its user agent. If the user agent changes during the session, the session becomes invalid.
Abaris Multi-Vendor features a powerful user role system out of the box. If you have several departments like the sales team, support team, designers, content makers, and other employees, you can allow each team to only access the features they work with and restrict them from accessing functionality they don’t use.
In Abaris Multi-Vendor, you can back up and restore all the data, including the database. You can even set up automatic data backup via cron. Full data export is also available out of the box.
You have full access to the source code of Abaris and Multi-Vendor. You can read, modify, and control it.
Abaris and Multi-Vendor feature built-in Google reCAPTCHA.
Multi-Vendor has the vendor data pre-moderation function that allows you to view, approve, or disapprove vendors and their content and products before they appear on the marketplace.
Our senior developers and cybersecurity specialists analyze Abaris’s code on a regular basis to make sure there are no flaws or coding patterns that can be potentially insecure. Every development task goes through the code review procedure.
Abaris has built-in means of sensitive data encryption. For data transfer, it fully supports secure data transfer channels. At rest, the sensitive data is stored and encrypted in the database.
Abaris has built-in protection from SQL injection (SQLi), cross-site scripting (XSS), and cross-site request forgery (CSRF).
We care about the security of our human resources and the company in general. This is as important as the security of the product itself. Our employees are well-trained in terms of security and data protection, and the tools we use every day are kept up to date.
We have a set of corporate security rules that every employee must strictly follow without exceptions.
Once a year we perform a security audit in the company and make sure all the employees follow the security policy.
Every employee signs these documents personally.
We perform a code review procedure for every task and use code analysis scripts. Those scripts scan the code and discover code fragments that can be potentially insecure. Based on this data, we train our programmers to code securely.
If a vulnerability is detected, we eliminate it in 3 steps:
Every tool that we use in our everyday routine—from the development tools to the corporate messenger—we keep up-to-date.
Our internal resources are heavily protected from penetration.
We use specialized enterprise-grade services to share and store passwords.
Our corporate accounts are protected with 2-factor authentication; this is obligatory for every employee.