Snipe-IT is Security-First

From our software to our platform, security is number one.

Security Overview

At Grokability, we don't just care about security to check boxes on a compliance form. We are passionate about security. It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on Snipe-IT, to the core of our company culture. Like the layers of the OSI model, each layer at Grokability is important on its own, but also vital to the overall system.

Security in Our Software

In addition to providing you with configurable options for securing user accounts and access, Snipe-IT implements best-practice security in its application design to prevent common attacks. Whether you host Snipe-IT yourself or you sign up for one of our affordable hosting plans, you benefit from these features.

  • Two-Factor Authentication with Google Authenticator
  • One-way secure password hashing with bcrypt
  • Encrypted fields secured with AES-256 encryption via OpenSSL
  • Granular user-roles restricting access
  • Option to enforce HTTPS-only cookies
  • Cookie options for HttpOnly and encryption
  • CSRF protection using form tokens
  • SQL injection prevention using prepared statements
  • Input validation and output sanitization to prevent XSS
  • Option to enforce password minimum requirements
  • Option to prevent common passwords
  • Brute force prevention on login attempts
  • Middleware to enforce nosniff and SAMEORIGIN X-Frame-Options
  • Middleware to enforce a Content Security Policy (CSP)

Security in Our Process

Automated security controls are critical to any software workflow to reduce the amount of time from defect creation to defect detection. Our scans run on every code push, every time.

  • Static code analysis on every commit via Codacy and Sensiolabs
  • Automated blocking of dependencies with known security advisories
  • Continuous integration via Travis-CI
  • In-depth code reviews

Security in Our Platform

Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.

  • All connections secured via TLS 1.2 or higher
  • Best-practice security features such as firewalls and brute-force prevention
  • No multi-tenancy. Each customer has their own database.
  • Encrypted databases and drives
  • Customers are hosted in a data center in their own region
  • Enforced data retention policy of 3 months
  • Snapshots and individual data backups, tested regularly
  • Critical services are not accessible to the outside world
  • Code runs in tightly restricted domain environments
  • SSH access through whitelisted IPs via secure VPN only
  • IAM security profiles with two-factor authentication for our administrators
  • Detailed continuous system monitoring

Security in Our Company

We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.

  • Well-established security policy reviewed quarterly
  • Ongoing technical security training for engineers
  • Security awareness training for all employees
  • Technical and administrative controls enforcing least-privilege
  • Quarterly access-control review for Grokability admins

Sign up for a hosted account and get premium support!

Hosted accounts get secure, reliable hosting with top-notch support and preferred priority for feature requests.