Ziggby prioritizes the security and privacy of our users, which is why we have implemented robust security measures throughout the platform. These built-in features are designed to protect both user data and transactions from common vulnerabilities.
Core Security Features
Password Hashing
- Ziggby uses industry-standard algorithms like Bcrypt to securely hash passwords, so stored credentials are not kept in plain text where an attacker could read them.
Cross-Site Request Forgery (CSRF) Protection
- We add CSRF tokens to forms and requests to verify the authenticity of each request, protecting against CSRF attacks.
SQL Injection Protection
- By employing PDO parameter binding and escape tags, Ziggby blocks SQL injection attempts, ensuring secure data processing.
Session Management
- Ziggby provides secure session management, including encrypted sessions, to help protect user activity and data integrity.
Authentication System
- Handles secure user registration, login, and password resets, ensuring a safe and reliable authentication process for all users.
Logging
- Customizable logging capabilities allow for efficient detection and response to suspicious activities, enhancing overall security.
Sanctum Authentication
- A hybrid web/API authentication system, Sanctum ensures secure and seamless user access, both through the web and APIs.
Additional Security Features
- Cross-Site Scripting (XSS) Protection: Sanitizes user inputs to protect against malicious scripts.
- Mass Assignment Protection: Prevents unauthorized data overwriting during data binding.
- Encryption: Data is encrypted to ensure security both in storage and during transmission.
- Hashing: Sensitive data is hashed to further secure user information.
- Rate Limiting: Controls the number of requests made to the platform to prevent brute-force attacks.
- File Upload Security: Secure validation checks for file uploads to ensure that only safe files are allowed.
- Input Validation: Enforces strict validation rules to prevent malicious data entry.
- Automatic Security Updates: Our platform automatically updates to address emerging vulnerabilities and provide the latest security patches.
PCI-DSS Compliance (via Stripe)
Ziggby leverages Stripe for secure payment processing, which is fully compliant with PCI-DSS standards. This means all payment information is handled securely and in accordance with industry best practices, ensuring that sensitive financial data is protected during transactions.
Single Sign-On (SSO) with SAML Authentication
For businesses and enterprise clients, Ziggby supports Single Sign-On (SSO) integration via SAML. This feature enables seamless authentication across various enterprise systems, offering an efficient and secure way for users to log in without managing multiple credentials. SSO minimizes security risks and enhances user convenience, while providing centralized control over user access.