Atestaria is the authenticity protocol that proves who created what, and when, in a way nobody can forge, not with AI and not with the quantum computers of the future.

Security at Atestaria

Defense in depth covering encryption, key management, application hardening, operations, and coordinated vulnerability disclosure.

Defense in depth

  • Encryption in transit: TLS 1.2+ everywhere. HSTS enforced in production.
  • Encryption at rest: PostgreSQL volume encryption + envelope encryption for sensitive fields via KMS.
  • Key management: All server signing keys are protected by a KMS adapter (Local / AWS KMS / GCP KMS / HashiCorp Vault). Master keys never leave the KMS boundary.
  • Quantum-safe roadmap: Hybrid Ed25519 + ML-DSA (Dilithium) signatures available.

Application security

  • Bcrypt with cost 12 for passwords; HMAC-signed sessions; CSRF protection on admin.
  • Strict security headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, no-store cache.
  • Rate limiting at IP and tenant level. Centralized error handling.
  • Static analysis and dependency audit on every release.

Operational security

  • Hash-chained audit log of every sensitive action; head signed by KMS.
  • Centralized observability with OpenTelemetry traces + metrics; Sentry-compatible error reporting.
  • Secrets only in environment variables; never in source control. Quarterly rotation policy.
  • Production access requires SSO + MFA. Least privilege enforced via RBAC.
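The hash-chained audit log with a signed head, as an added example that is not Atestaria's own code: each record commits to the hash of the record before it, and a signature over the current head lets a verifier detect edited records, re-linked records and silent truncation. The KMS signature is stood in for by an HMAC under a constructed local key, and the record layout and sample events are assumptions.

```python
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Constructed stand-in for the KMS-held key. On the real system the head is
# signed inside the KMS boundary and the key never leaves it.
KMS_STANDIN_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # "previous hash" for the very first record

def entry_hash(prev_hash: str, event: dict) -> str:
    """Hash of one record, bound to the hash of the record before it."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{payload}".encode()).hexdigest()

def build_chain(events: List[dict]) -> List[dict]:
    """Append events in order; each record links to its predecessor."""
    chain, prev = [], GENESIS
    for ev in events:
        h = entry_hash(prev, ev)
        chain.append({"event": ev, "prev": prev, "hash": h})
        prev = h
    return chain

def sign_head(chain: List[dict]) -> str:
    """Sign the current head; HMAC stands in for the KMS signature."""
    head = chain[-1]["hash"] if chain else GENESIS
    return hmac.new(KMS_STANDIN_KEY, head.encode(), hashlib.sha256).hexdigest()

def verify_chain(chain: List[dict], head_sig: str) -> Tuple[bool, Optional[int]]:
    """Recompute every link, then check the head against the signature.
    Returns (True, None) or (False, index of the first bad record); an index
    of len(chain) means the links hold but the log was truncated or re-headed."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or entry_hash(prev, rec["event"]) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    expected = hmac.new(KMS_STANDIN_KEY, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, head_sig):
        return False, len(chain)
    return True, None

# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T00:00:00Z", "actor": "admin@example", "action": "role.grant"},
    {"ts": "2024-01-01T00:01:00Z", "actor": "admin@example", "action": "key.rotate"},
    {"ts": "2024-01-01T00:02:00Z", "actor": "svc@example", "action": "export.create"},
]
```

Because only the head is signed, the verifier must walk the whole chain; signing only the newest record would leave older records unprotected against in-place edits.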

Coordinated vulnerability disclosure

Report vulnerabilities to [email protected]. See security.txt and our bug bounty program.

Authentic. Auditable. Time-proof.