- paginsAsked on March 24, 2016 at 09:25 AM
Should I feel confident requesting personally identifiable information via JotForm?
- JotForm SupportJanAnswered on March 24, 2016 at 10:20 AM
We take security here in JotForm very seriously. All of the submissions are using SSL.
The forms and submissions are transmitted securely with a 256 bit high-grade encryption. It means that the data is encrypted during the transmission and cannot be interrupted by anyone else. We have a SSL certificate that uses SHA256 /w RSA. (https://www.ssllabs.com/ssltest/analyze.html?d=secure.jotform.com)
We have bug bounty programs where we pay outside parties for reporting vulnerabilities in our system. Our servers are protected by private networks and constantly updated and patched.
Please check our FAQ: https://www.jotform.com/faq#18
If you have any specific questions about security, please let us know. We are more than happy to answer them. Thank you.
- Dave CroutAnswered on December 06, 2016 at 12:59 PM
When a user fills out a textfield or textbox on a form, they could embed malicious script in the text, which could potentially result in a hack to our systems.
How does Jotform guard against Cross Site Scripting attacks? Are you OWASP (Open Web Application Security Project) certified ?
- JotForm SupportJanAnswered on December 06, 2016 at 01:26 PM
I created a separate thread for your question, here's the link: https://www.jotform.com/answers/1004940.
- paginsAnswered on December 06, 2016 at 01:45 PMGood question!