S3 Browser
Free Windows Client for Amazon S3 and Amazon CloudFront

Security and Compliance FAQ

Your Data:

Your data is stored on the storage of your choice. S3 Browser is simply a client program that helps you access your data from the storage you select.

Security Overview:

S3 Browser ensures that the data you work with is only sent to its intended destination, such as S3 endpoints. It does not redirect your data elsewhere.

During new version checks or license activation/deactivation, the following data is sent to s3browser.com:

  • Software version string (e.g., "9.5.5")
  • CPU architecture ("x86" or "x64")
  • Randomly generated installation ID (e.g., "1a79a4d60de6718e8e5b326e338ae533")
  • MD5 hash of your license key
  • Public IP address of the machine

Opt-Out Features:

All these transmissions are optional and can be disabled:

  • New version checks can be turned off in Tools > Options > General
  • There is an offline procedure available for license key activation/deactivation.

The S3 Browser team does not have access to view the content or files you store or transfer to/from your S3 storage.

1. Change management and secure development process:

At our software development company, we prioritize change management and secure development processes. We ensure that all changes go through a formalized process, which includes documentation, testing, and approval. Our change management process integrates security considerations, such as secure coding practices, code reviews, and threat modeling. By incorporating security into our change management process, we minimize the risk of introducing vulnerabilities or weaknesses into our software.

2. Security testing or penetration testing:

We recognize the importance of both security testing and penetration testing as vital components of our comprehensive security strategy. Our approach involves conducting regular security testing to assess the software and infrastructure for vulnerabilities, misconfigurations, and weaknesses. Additionally, we periodically perform penetration testing to simulate real-world attacks and identify potential vulnerabilities that may be exploitable. This combination of security testing and penetration testing allows us to proactively identify and mitigate security risks.

3. Security training for developers:

At our company, we prioritize providing comprehensive security training for our developers. We understand that developers play a critical role in ensuring the security of the software they build. Our security training program raises awareness about secure coding practices, common vulnerabilities, and relevant security standards. Topics covered include input validation, secure authentication, secure session management, and protection against common attack vectors such as SQL injection and cross-site scripting. By investing in developer security training, we foster a security-conscious culture and reduce the likelihood of introducing security flaws.

4. Vulnerability management, patch management, and security updates procedures:

We have established robust vulnerability management procedures to address security weaknesses in our software and infrastructure. Our process involves identifying, assessing, prioritizing, and remediating vulnerabilities. We actively monitor security advisories, maintain a comprehensive inventory of software components, and implement a system for tracking vulnerabilities. Additionally, we have effective patch management procedures in place to ensure prompt application of security updates and patches. By maintaining proactive vulnerability management, we minimize the window of opportunity for attackers to exploit vulnerabilities.

5. Enforcing segregation between environments:

At our company, we enforce strict segregation between different environments, including production, staging, testing, and development. We accomplish this through implementing stringent access controls and separation of duties. Each environment has its own set of credentials, access controls, and network segmentation to prevent unauthorized access or unintended interactions between environments. This segregation minimizes the risk of unauthorized changes or compromises in critical production systems.

6. Compliance with ISO27001:

Although we haven't pursued formal certification, we strive to meet the high standards set by ISO27001 to ensure the confidentiality, integrity, and availability of our information assets. Our focus remains on safeguarding our systems and data, and we continuously work towards strengthening our security practices in line with industry standards.

We follow all industry best practices and security requirements.

As most of our infrastructure is AWS based, our main source is AWS Security Best Practices: https://aws.amazon.com/architecture/security-identity-compliance

We also refer to the CIS Critical Security Controls for Effective Cyber Defense.

Copyright © 2008-2024 Netsdk Software FZE. All rights reserved.