Security Policy — EP Cybertools
EP Cybertools is built with security as a foundational principle, not an afterthought. Every component of the platform — from the network layer to the application layer — is designed to protect both our infrastructure and the privacy of users who rely on our diagnostic tools. We apply the same security standards we teach through our tools to our own systems, ensuring that what we recommend to security professionals is exactly what we practice ourselves.
Our platform is deployed with a defense-in-depth architecture: all traffic is encrypted with TLS 1.3, strict HTTP security headers (Content-Security-Policy, HSTS with preload, X-Frame-Options, Referrer-Policy) are enforced on every response, and our server infrastructure is hardened against common attack vectors including SQL injection, XSS, CSRF, and path traversal. We perform regular automated security scanning and manual penetration testing to identify and remediate vulnerabilities before they can be exploited.
HTTPS Everywhere
All connections are encrypted with TLS 1.3, the latest and most secure version of the Transport Layer Security protocol. HTTP Strict Transport Security (HSTS) is enabled with the preload directive, ensuring browsers never connect over unencrypted HTTP. Our certificates are issued by a trusted Certificate Authority and are automatically renewed via ACME, eliminating the risk of expired certificates causing downtime or security warnings.
No Persistent Data Storage
Query inputs (domains, IP addresses, email addresses) are processed in real time and are not permanently stored in any database or log system. We collect only the minimum data necessary to perform the requested diagnostic operation and return results. This design ensures that sensitive organizational infrastructure information submitted for analysis cannot be accessed, retained, or exposed through a database breach.
Rate Limiting & Abuse Prevention
All API endpoints and diagnostic tools are protected by multi-layer rate limiting to prevent abuse, automated scanning, and denial-of-service attacks. Rate limits are applied per IP address and per endpoint, with graduated backoff responses that allow legitimate users to continue working while blocking abusive patterns. Our infrastructure is also protected by DDoS mitigation at the network edge.
Continuous Security Monitoring
Our systems are continuously monitored for security anomalies, unauthorized access attempts, and configuration drift. Automated alerts notify our security team of unusual traffic patterns, failed authentication attempts, and potential intrusion indicators. We maintain comprehensive audit logs of all administrative actions and infrastructure changes, retained for forensic analysis and compliance purposes.
We take security vulnerabilities seriously and appreciate the security research community's efforts to make the web safer. If you discover a security vulnerability in EP Cybertools, we ask that you follow responsible disclosure practices: report the issue to us privately before publishing, give us reasonable time to investigate and remediate, and avoid accessing user data or disrupting service availability during your research.
Email: [email protected]
Please include detailed steps to reproduce the issue, the potential impact, and any proof-of-concept code or screenshots that demonstrate the vulnerability. We will acknowledge your report within 24 hours and provide regular status updates as we investigate and remediate. We commit to crediting researchers who responsibly disclose valid security issues in our public security acknowledgements.
We are actively working to launch a formal bug bounty program to reward security researchers who identify and responsibly disclose vulnerabilities in EP Cybertools. The program will cover our web application, API endpoints, and supporting infrastructure. Priority vulnerabilities will include authentication bypass, sensitive data exposure, remote code execution, and server-side request forgery (SSRF). Details will be published on this page when the program launches.