Modurn Security 

Modurn utilises AWS services EC2 for server hosting and RDS for database hosting, safeguarded by the following technologies:

​

• Security Groups: AWS security groups (SGs) are linked to EC2 instances, providing security at the protocol and port access level. Each security group functions similarly to a firewall, containing a set of rules that filter traffic to and from an EC2 instance. Unlike network access control lists (NACLs), there are no “Deny” rules; any data packet that lacks an explicit permit will be discarded.

• Access to the instance is only permitted with a secured ".pem” file.

• ModUrn has set up our internal database security group to allow access exclusively from the instance. Our databases are not publicly accessible; users must first log into our instance via SSH, and then enter their database credentials to gain access.

• The REST API is secured with a token-based authentication system, ensuring that user data cannot be accessed without the appropriate token. This access token is created using a SHA1 protected hash during the login process. The token is deleted upon logout and a new one is generated at the next login. Modurn has implemented Middleware, an extra layer above the application layer, to authenticate the access token.

• User passwords are stored using a hashing algorithm. The Laravel Hash facade provides secure Bcrypt and Argon2 hashing methods for password storage. Even programmers cannot re-hash the password using the salt.

• For image hosting, Modurn employs the AWS S3 service to store user images, life story images, and other files. The S3 bucket is secured using an API key and Secret.