Security
The purpose of this page is to outline what we should put on the Security page of the Push website. The following sections are a good guide, based on industry practice:
Non-Custodial
Push retains its position as a non-custodial intermediary in all customer interactions. Push does not hold custody of any customer crypto funds acquired on the platform; instead, it transfers assets directly between customer-designated wallets. Most transactions are executed without accessing a customer's wallet. If a customer does not have a wallet yet, one can be created for them on the Push platform, but the wallet keys remain solely accessible to the user and are safeguarded from Push employees.
Customer data
At Push, we prioritise the security of your personal information. We employ industry-leading security measures to safeguard your data both in transit and at rest. Data in transit is protected using Transport Layer Security (TLS), ensuring that your information remains confidential as it travels across the internet. Meanwhile, data at rest is encrypted using robust algorithms, preventing unauthorised access to your sensitive information even if our systems are compromised.
Secure development
At Push, we adopt a Secure Software Development Life Cycle (SSDLC) to ensure the creation of secure and reliable software. This comprehensive approach embeds security principles throughout the entire software development process, from requirements gathering to deployment and maintenance. By integrating security considerations into each phase, we proactively identify and address potential vulnerabilities, minimising the risk of security breaches and safeguarding customer data. Our SSDLC encompasses rigorous security practices, such as code reviews, vulnerability scanning, and penetration testing, ensuring that our software adheres to industry best practices and regulatory requirements.
24x7 Security Operations Centre
At Push, we maintain a vigilant 24x7 Security Operations Centre (SOC) to proactively detect and respond to potential security incidents. This dedicated team of security experts monitors our systems around the clock, analysing real-time data from a comprehensive range of security tools and applications. By continuously scanning for anomalies and suspicious activity, our SOC analysts identify and prioritise potential threats before they can cause harm. Upon detection, the SOC team swiftly initiates incident response procedures, effectively mitigating the impact of cyberattacks and safeguarding your sensitive information. Our SOC's expertise and round-the-clock availability ensure that we are always prepared to protect your data and the integrity of our systems.
Penetration Testing
At Push, we prioritise a proactive approach to cybersecurity, employing penetration testing to identify and remediate vulnerabilities before they can be exploited by malicious actors. This simulated attack methodology, conducted by our team of experienced ethical hackers, helps us uncover hidden weaknesses, mitigate risks early, enhance security posture, and maintain compliance with industry regulations. Regular pen testing is essential for safeguarding our data, infrastructure, and customer information against cyber threats.
Disclosure program
Our public bug bounty program empowers a global community of ethical hackers to proactively identify and responsibly disclose vulnerabilities in our systems. This collaborative approach strengthens our security posture by leveraging the expertise of external security researchers and expanding our vulnerability detection capabilities beyond our internal resources. By rewarding ethical hackers for their efforts, we incentivise the active search for potential security flaws, enabling us to address them promptly and effectively. The program's transparency and openness foster trust between Push and the security community, enhancing our reputation as a responsible and secure organisation.