Security
1. Our Commitment
At Storm Projects, security is a foundational principle of our platform and operations. We understand that our clients entrust us with sensitive financial data, and we take that responsibility seriously.
2. Infrastructure Security
- Encryption in Transit: All communications are encrypted using TLS 1.2+ with strong cipher suites. HSTS is enforced across all endpoints.
- Content Security Policy: Nonce-based CSP is generated per request to prevent cross-site scripting (XSS) attacks.
- Security Headers: X-Frame-Options, X-Content-Type-Options, Referrer-Policy, COEP, COOP, and CORP headers are set on all responses.
- Containerized Deployment: Docker-based deployment with multi-stage builds, non-root users, and minimal Alpine base images.
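As an added illustration of the per-request nonce-based CSP and the header set named above (example code written for this page, not Storm Projects' own implementation, and framework-agnostic: the directive values, the 'strict-dynamic' source expression and the HSTS max-age are assumptions chosen to match the policy text):

```python
import secrets
from typing import Dict, Tuple

# Constructed example: a minimal per-request security-header builder.
# Not Storm Projects' code; header values follow the policy text above.


def make_nonce() -> str:
    """Generate a fresh, unguessable CSP nonce for one response (128 bits)."""
    return secrets.token_urlsafe(16)


def build_csp(nonce: str) -> str:
    """Nonce-based CSP: only scripts/styles carrying this response's nonce run.
    'strict-dynamic' lets nonced scripts load their own dependencies without a
    host allow-list; 'unsafe-inline' appears nowhere, so an injected inline
    <script> without the nonce is blocked by the browser."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'nonce-{nonce}' 'strict-dynamic'",
        f"style-src 'self' 'nonce-{nonce}'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ])


def security_headers(nonce: str) -> Dict[str, str]:
    """The header set named in the policy, computed per request (assumed values)."""
    return {
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
        "Content-Security-Policy": build_csp(nonce),
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "strict-origin-when-cross-origin",
        "Cross-Origin-Embedder-Policy": "require-corp",
        "Cross-Origin-Opener-Policy": "same-origin",
        "Cross-Origin-Resource-Policy": "same-origin",
    }


def script_tag(nonce: str, src: str) -> str:
    """Render a script tag that the CSP above will allow."""
    return f'<script nonce="{nonce}" src="{src}"></script>'


def csp_is_nonce_based(csp: str) -> bool:
    """Deployment lint: script-src must carry a nonce and must not fall back
    to 'unsafe-inline' (which would silently disable the nonce protection)."""
    directives = {d.split()[0]: d.split()[1:] for d in csp.split(";") if d.strip()}
    script = directives.get("script-src", [])
    return any(s.startswith("'nonce-") for s in script) and "'unsafe-inline'" not in script


def render_response(body_src: str = "/static/app.js") -> Tuple[Dict[str, str], str]:
    """One request: fresh nonce, headers and a nonced script tag. Returns
    (headers, html) so a framework hook can attach them to the response."""
    nonce = make_nonce()
    headers = security_headers(nonce)
    html = f"<!doctype html><html><body>{script_tag(nonce, body_src)}</body></html>"
    return headers, html


if __name__ == "__main__":
    h, page = render_response()
    for k, v in h.items():
        print(f"{k}: {v}")
    print(page)
```

The nonce must be generated once per response and never reused or cached (a cached page would hand the same nonce to every visitor, defeating its purpose). Note that `Cross-Origin-Embedder-Policy: require-corp` blocks cross-origin subresources that do not themselves send a CORP or CORS header, so it needs to be verified against every third-party asset before enabling.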
3. Application Security
- Input Validation: All user input is validated server-side with strict type checking and sanitization.
- Rate Limiting: IP-based rate limiting is applied to all public-facing endpoints to prevent abuse.
- Authentication: JWT-based authentication with role-based access control for all protected resources.
- Spam Protection: Contact forms include honeypot fields and server-side validation to prevent automated submissions.
4. Network Security
- Firewall: UFW-based firewall rules with default-deny policy, allowing only necessary ports.
- Intrusion Prevention: Fail2Ban is configured to detect and block brute-force attempts.
- Reverse Proxy: Nginx serves as a reverse proxy with security-hardened configuration.
5. Data Protection
We follow the principle of least privilege and data minimization. Personal data collected through the website is limited to what is necessary for communication purposes. We do not store financial trading data on the website infrastructure.
6. Vulnerability Reporting
If you discover a security vulnerability on our website, we encourage responsible disclosure. Please contact us via the website contact form with details of the issue. We will acknowledge receipt and work to resolve confirmed vulnerabilities promptly.
7. Continuous Improvement
We regularly review and update our security practices to address emerging threats. Our infrastructure is tested against industry-standard benchmarks including SSL Labs, Security Headers, and Mozilla Observatory.