Our engineering process prioritizes security assessments from the Epic/Grooming phase until the application goes live. The code review process adheres to the 'four-eye' principle, involving multiple teams in reviewing code before merging into release and master branches. We integrate a security scanning tool for static code assessment into our continuous integration (CI) process, addressing identified bugs before production rollout. Additionally, we engage a reputable third party to conduct application security assessments using advanced testing methodologies.

To prevent any traffic leakage from the VPN tunnel, BokorVPN has developed open-source tools designed to test for leakages, conveniently accessible on our website.

Components of client-side applications running in privilege mode for essential functionality, such as adding firewall rules, undergo protection measures, including memory protection, strong authentication, and permitting only authorized actions to non-privileged users.

Our automated vulnerability management program conducts weekly scans, addressing reported vulnerabilities promptly. Any ad hoc vulnerabilities reported randomly undergo testing and swift resolution across the entire infrastructure. Our employees subscribe to CVE announcements for all in-production software to bolster the Vulnerability Management Program. Furthermore, policy compliance scans are regularly scheduled to monitor security baseline configurations continuously.

We've deployed an intrusion detection and prevention system across our infrastructure and cloud assets to proactively counteract attacks and receive timely alerts for potentially malicious events. All traffic is directed through a Web Application Firewall, effectively mitigating platform attacks such as DDoS and web application attacks.

BokorVPN has instituted a comprehensive penetration testing program. Our employees are tasked with penetration testing our infrastructure and apps during engineering streams. Additionally, a trusted third-party firm is engaged to conduct thorough testing across all platforms.

At BokorVPN, our application and infrastructure deployment is entirely automated, eliminating the human element from the process. International security benchmarks are integral to our security baseline configuration at BokorVPN. We deploy hardened images using automated configuration management tools.

All firewalls are set to deny traffic by default, allowing only authorized protocols and intended traffic after undergoing the change assessment process.

For relevant tasks, dedicated workstations are utilized to access production systems, ensuring they are hardened for specific functions. This approach enables us to deliver optimal services to our users with embedded quality and security assurance. All services and operations operate under the least privileged model to minimize the attack surface.

Monitoring agents are incorporated into the configuration baseline to ensure automated compliance and integrity of critical files.

Our web architecture is segregated, with website servers devoid of hosting any data and having no direct access to databases. We adhere to best practices by implementing API gateways with limited exposure, allowing only intended data views. The attack surface is further minimized by restricting consumer interaction with business logic.

Users are prohibited from exporting any personally identifiable information of consumers. User systems are subject to a device security policy, utilizing predefined hardened images.

Endpoint security controls are in place to counteract the spread of malware and host system attacks. Rigorous URL monitoring ensures the blocking of potentially malicious sites.

Regular system patching is carried out through an automated tool. Endpoint security features include host-based network firewalls, intrusion detection and prevention systems, security baseline benchmarking, application control, restricted access to removable storage, privilege ID control, and ongoing host monitoring through a centralized solution.

All personnel, encompassing both employees and contractors, actively participate in the BokorVPN security awareness program from the moment they join the company until they pursue opportunities beyond BokorVPN. We prioritize ensuring that all employees and contractors comprehend the security requirements at BokorVPN, emphasizing that cybersecurity is an integral aspect of their work philosophy.

Given our global customer base, it is imperative that our employees, suppliers, and contractors grasp the significance of cybersecurity measures in safeguarding customer data. We meticulously screen our employees and contractors against both human and technical security requirements, including assessing the security clearance of employees and verifying third-party security compliance certificates for vendors and partners.