At StoreHippo, we take security very seriously. We take several measures and conduct security audits from time to time to make sure your data is secure.
Server Security and Compliance
StoreHippo uses world-leading cloud providers Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) to run our infrastructure. All of these platforms have stringent rules in place against any security breach in their data centres, and all of them are heavily compliant. Some of the standards they are compliant with are:
ISO 27001: One of the most widely recognized, internationally accepted independent security standards.
ISO 27017: Cloud Security. This is an international standard of practice for information security controls based on ISO/IEC 27002 specifically for cloud services.
ISO 27018: Cloud Privacy. This is an international standard of practice for the protection of personally identifiable information (PII) in public cloud services.
PCI-DSS: The Payment Card Industry Data Security Standard.
HIPAA: U.S. Health Insurance Portability and Accountability Act (HIPAA)
SSL provides strong protection against eavesdropping. Search engines give priority and a better SEO score to stores that have SSL enabled. StoreHippo offers free SSL certificates to all domains for its stores. Merchants can enable SSL for their entire store in no time.
Credit Card security
StoreHippo never stores credit card information on our servers. All credit card entries happen at our Payment Gateway partners, who are PCI-DSS compliant.
Sensitive information like user passwords is never stored in plain text. Strong one-way encryption is applied to passwords before they are stored in our system.
Authentication and Authorization
Any access to our backend resources must pass through an authentication and authorization module that validates the access depending upon the roles assigned to the requestor.
SQL injection is a nasty problem in the case of RDBMS systems like MySQL. By using the NoSQL database MongoDB as the storage, StoreHippo gets rid of this problem effectively.
MongoDB avoids the potential for problems by not parsing. As a client program assembles a query in MongoDB, it builds a BSON object, not a string. Thus traditional SQL injection attacks are not a problem.
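The difference between a string-built query and an object-built one, as an added example that is not StoreHippo's code. All names here (`buildSqlString`, `buildMongoFilter`, `ALLOWED_FIELDS`, the `email` and `phone` fields) are hypothetical, and the type check reflects the assumption that request bodies arrive as parsed JSON, where a value can be an object rather than a string.

```javascript
// Added example; every name and sample value below is hypothetical/constructed.

// String-built query: the input becomes part of the text the database parses,
// so a single quote inside the value changes the shape of the statement.
function buildSqlString(email) {
  return "SELECT * FROM users WHERE email = '" + email + "'";
}

function quoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Fields a client may filter on (assumed allowlist).
const ALLOWED_FIELDS = new Set(["email", "phone"]);

// Object-built query: each input stays a value inside a document and is never
// parsed as query text. Values must be plain strings, because an object taken
// from a JSON request body could carry $-prefixed operator keys and change
// what the filter means.
function buildMongoFilter(body) {
  const filter = {};
  for (const [field, value] of Object.entries(body)) {
    if (!ALLOWED_FIELDS.has(field)) {
      throw new TypeError("field not allowed: " + field);
    }
    if (typeof value !== "string") {
      throw new TypeError("expected a string for " + field);
    }
    filter[field] = value;
  }
  return filter;
}

// Constructed sample input containing a quote character.
const sample = "o'brien@example.com";
console.log(buildSqlString(sample));   // 3 quotes: the literal is unbalanced
console.log(JSON.stringify(buildMongoFilter({ email: sample })));

// Constructed sample where the value is an object instead of a string.
try {
  buildMongoFilter({ email: { $exists: true } });
} catch (err) {
  console.log("rejected:", err.message);
}
```

The returned object is what would be passed as the filter argument of a driver call such as `find`.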
Cross-Site Scripting and HTML injection
We use the latest AngularJS for our front end, which provides built-in security measures against several attacks like XSRF/CSRF. All of our themes are designed to avoid XSS attacks.