We do care about the security of the product and implement functionality that protects your store or marketplace from unauthorized access and data breach. Building your eCommerce website on Abaris, you can be sure your customers’ and your own data is safe.
PCI DSS Compliance
PCI is a set of strict security standards relating to storage, processing, or transaction of credit card data, developed by the leading payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The standard was created to increase controls around cardholder data to reduce credit card fraud. Abaris meets PCI DSS requirements.
GDPR Compliance
The General Data Protection Regulation’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR also regulates the transfer of personal data outside the EU and EEA areas. Abaris is GDPR-compliant out of the box.
Safe data storage
Abaris doesn’t store passwords—password hash only. All the sensitive data is encrypted.
File system consistency check
If the core files of your Abaris installation are modified, you will immediately know about that.
Unique admin panel address
You can set a custom admin panel web address so that only you and your staff know it. That greatly reduces the risk of penetration.
Password strength and lifetime control
You can set the minimum password length and how long it will work. Once the password expires it has to be reset.
Authorization attempts control
The logging system will tell you if there were any brute force attempts.
Session protection
Every session is assigned to its user agent. If the user agent changes during the session, the session becomes invalid.
Flexible user role system
Abaris Multi-Vendor feature a powerful user role system out of the box. If you have several departments like the sales team, support team, designers, content makers, and other employees, you can allow each team to only access the features they work with and restrict them from accessing functionality they don’t use.
Data backup, restore, and export
In Abaris Multi-Vendor, you can backup and restore all the data including the database. You can even set up automatic data backup via CRON. Full data export is also available out of the box.
Open source code
You have full access to the source code of Abaris and Multi-Vendor. You can read, modify, and control it.
Built-in spam filter
Abaris and Multi-Vendor feature built-in Google reCAPTCHA.
Data pre-moderation
Multi-Vendor has the vendor data pre-moderation function that allows you to view, approve, or disapprove vendors and their content and products before they appear on the marketplace.
Secure coding and regular in-house penetration testing
Our senior developers and cybersecurity specialists analyze Abaris’s code on a regular basis to make sure there are no flaws and coding patterns that can be potentially insecure. Every development task goes through the code review procedure.
Secure data transfer channels support
Abaris has built-in means of sensitive data encryption. For data transfer, it fully supports secure data transfer channels. At rest, the sensitive data is stored and encrypted in the database.
Protection from hacker attacks
Abaris has built-it protection from SQL-injections (SQLi), cross-site scripting (XSS), and cross-site request forgery (CSRF)
Company security policy
We have a set of corporate security rules that every employee must strictly follow without exceptions.
Employee security training
Once a year we perform a security audit in the company and make sure all the employees follow the security policy.
Non-disclosure agreement and security policy
Every employee signs these documents personally.
Security coding training
We perform a code review procedure for every task and use code analyzing scripts. Those scripts scan the code and discover code fragments that can be potentially insecure. Based on this data, we train our programmers to code securely.
The proven procedure of closing vulnerabilities
If a vulnerability is detected, we eliminate it in 3 steps:
Corporate tools are always up-to-date
Every tool that we use in our everyday routine—from the development tools to the corporate messenger—we keep up-to-date.
Network security
Our internal resources are heavily protected from penetration.
Passwords are safe
We use specialized enterprise-grade services to share and store passwords.
2-factor authorization where possible
Our corporate accounts are protected with 2-factor authorization—this is obligatory for every employee.