Web application firewall
Creative Force has implemented a WAF solution solution that protects mission critical services and underlying APIs from online fraud, including bot attacks and scraping, ensuring the integrity and security of client data is maintained.
Vulnerability management
Creative Fore maintains a vulnerability management policy that determines how known security bugs are prioritised and remediated.
Software development lifecycle
The iterative model (Agile) used by Creative Force is mainly opted for when all system requirements are not clear at the initial stage. It allows a project to develop the software in iterative stages where each stage adds additional functionality. This model allows you to put a functional system into the hands of the client much earlier than the waterfall method.
Responsible disclosure (Bug bounty)
Creative Force runs an internal bug bounty program. If you wish to disclose a security bug then please reach out to security (at) creativeforce (dot) team.
Quarterly vulnerability scan
Creative Force performs monthly and continuous vulnerability scans of the platform. The latest scans are made available upon request or through the Security Details section.
Employee disclosure process
All personnel have signed confidentiality clauses within their contracts prior to commencement of employment. Creative Force also has a Whistleblower policy for personnel to report concerns.
Code review process
Creative Force uses a detailed manual and automated code review approach to ensure our platform is as secure and as of the highest possible quality possible. Code is committed to staging environments for quality assurance prior to deployment on production systems.
Annual penetration test
Creative Force prioritises regular penetration testing conducted by skilled third-party experts. This proactive approach identifies and mitigates vulnerabilities before they can be exploited. Pen testing effectively strengthens our defences, safeguarding sensitive data and validates our secure coding practices. Penetration tests are conducted at least annually.