Security
MAULBOT handles brokerage connections and trading controls, so access to the application is tightly restricted. This page summarizes the controls in place for the private application.
Access & authentication
- The application (everything under /app) is private and requires authenticated sign-in.
- Identity-provider sign-in with a per-account time-based one-time password (TOTP) second factor.
- Sensitive, state-changing actions require a verified second factor.
- Role-based access control governs what each account may see and do.
Network & transport
- All traffic is served over HTTPS; the application sits behind an authenticating edge proxy.
- A strict Content-Security-Policy, HSTS-style transport hardening, and clickjacking protections are enforced on responses.
- Brokerage gateways run on isolated hosts and are not exposed to the public internet.
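The response-hardening controls listed above can be checked mechanically. The following is an added example, not MAULBOT's own code: it holds an assumed header policy (the header names are real; the specific values such as the one-year HSTS lifetime are assumptions), applies it to a response, and audits a captured set of response headers for the gaps a reviewer would look for (missing HSTS, a CSP without frame-ancestors or with inline/wildcard scripts, weak clickjacking protection).

```python
"""Added example (not MAULBOT's code): hardening headers plus an audit check.
Policy values below are assumptions for a private, authenticated application."""

ONE_YEAR = 31536000

# Assumed policy: same-origin only, no inline script, framing forbidden.
SECURITY_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "frame-ancestors 'none'; base-uri 'self'"
    ),
    "Strict-Transport-Security": f"max-age={ONE_YEAR}; includeSubDomains",
    # Legacy clickjacking protection for browsers without frame-ancestors support.
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}


def apply_security_headers(response_headers: dict) -> dict:
    """Return a copy of the response headers with the policy headers set (policy wins)."""
    hardened = dict(response_headers)
    hardened.update(SECURITY_HEADERS)
    return hardened


def csp_directives(value: str) -> dict:
    """Parse a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers: dict) -> list:
    """Return a list of findings for a captured response; an empty list means compliant.
    Header names are matched case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        max_age = 0
        for token in hsts.split(";"):
            key, _, val = token.strip().partition("=")
            if key.lower() == "max-age" and val.isdigit():
                max_age = int(val)
        if max_age < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        d = csp_directives(csp)
        if "frame-ancestors" not in d:
            findings.append("CSP lacks frame-ancestors (clickjacking)")
        # script-src falls back to default-src when absent.
        scripts = d.get("script-src", d.get("default-src", []))
        if "'unsafe-inline'" in scripts or "*" in scripts:
            findings.append("CSP allows inline or wildcard scripts")

    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("missing or weak X-Frame-Options")
    return findings


# Constructed sample: headers from an unhardened response.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    for finding in audit_headers(WEAK_RESPONSE):
        print("finding:", finding)
    print("after hardening:", audit_headers(apply_security_headers(WEAK_RESPONSE)))
```

The audit reads only header values, so the same function can be run over headers captured from the live site to confirm the policy above is actually reaching the browser.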
Data protection
- Broker credentials and secrets are encrypted at rest.
- Least-privilege database roles separate read-only analytics from privileged operations.
- Security-relevant events are logged for audit.
This page
The public pages you are reading (home, about, market outlook, and these policy pages) are intentionally the only content served without sign-in, and they expose no account or trading data.
Responsible-disclosure contact: [email protected].