All of Korus Ticket's public endpoints are protected behind a Web Application Firewall (WAF), that provides the following security measures:
- Rejection of malicious requests
- Blockage of requests exploiting Web application vulnerabilities
- Blockage of requests issued from suspicious IP addresses
- DDOS protection
Communication between users and the Korus Ticket APIs are encrypted using publicly trusted TLS certificates supporting strong encryption and hashing algorithms.
We automatically update all of our software, packages and servers to guarantee the security of the components running the Korus Ticket APIs. Servers are configured to only contain the packages required to run our applications therefore minimising the attack surface.
Every code change submitted to the Korus Ticket APIs is scanned for vulnerabilities and malicious packages. The code is also submitted a human review and must pass non-regression tests before deployment.