Read through our security policies for testing sessions, local testing, application security and privacy.
- Remote testing session
- Local testing
- Virtual machines privacy and security
- Secure hosting for virtual machines
- Secure storage of BrowserStack credentials
- Access control systems
- Screenshots and Automate log data
Remote sessions establish a connection between your computer and the BrowserStack cloud, thus allowing you to test your website on secure virtual machines. Each virtual machine is a fresh instance, restored to its original settings, guaranteeing not only a tamper-proof environment, but also a consistent baseline for test scenarios. Read more about our virtual machine security policies here.
To make testing as easy as possible, we use VNC protocol to transfer the data from your machine to the server. This data is encrypted, so as not to be accessible whilst in transit. Also, there is no additional setup required on the client end, since all the transacting takes place from within the browser itself.
In the event that you are testing from behind a firewall, BrowserStack does not require any special rules to operate successfully. We use HTTPS and WSS, both of which are standard web protocols, allowed universally by firewalls. Therefore, your existing security is left altogether intact.Back to top Local testing
Local Testing enables you to test local folders and internal servers. We use custom-designed Chrome and Firefox extensions, with WSS (secure websockets) to connect your machine to the cloud. Websockets allows extensive interaction between the client browser and the servers. To protect the privacy of transferred data during the testing session, we use WSS exclusively. WSS uses SSL over port 443 for transport and therefore only transmits encrypted data.
When testing an internal or local server, we forge a connection between the server you have specified, and our virtual machines. The mechanism is set up to forward requests and responses back and forth, and nothing else. Similarly for folder testing, the cloud only has access to the folder mentioned during the setup of the connection. Our infrastructure cannot access anything else on your filesystem.Back to top Virtual machines privacy and security
Each time a new testing session is created, the cloud assigns the user a pristine virtual machine. Our machines are restored to their original states, which means they are stripped of their registry contents, caches are erased, cookies are deleted, and all running processes are killed. Additionally, users do not have the privileges to install any programs on the machines. Therefore, after the restoration process is complete, the virtual machines are guaranteed to be tamper-proof. The advantage is that each time a test is run, the default settings are restored, thus providing an ideal test scenario.
Once the restoration process is complete, the virtual machine is then put through a series of validation checks, as a fail-safe mechanism. In the rare case that the virtual machine fails even a single check, it is taken off the infrastructure altogether. The machines themselves are in a secure network, and behind strong firewalls to present the safest environment possible.
Our restoration mechanisms for virtual machines is stringent and extremely thorough, ensuring that even the smallest scrap of browsing data is erased. This list includes the temporary cache of files, the browsing history, any cookies generated during the testing session, passwords and other form data, logs of any kind, and all downloads. We guarantee to our users that we do not have any mechanism to view or store their browsing data. All data is wiped out from the virtual machines as soon as the session ends.Back to top Secure hosting for virtual machines
BrowserStack partners with only with the best hosting providers across the globe, and our machines are located in secure locations in the US, Europe, Singapore, and Australia. Our selection process is exacting, focussing on excellent service records and established security policies.
Each service provider has implemented security with the view to protect all those using their cloud. Many have had their security policies independently audited from an external authority, and have been certified under major compliance regulators. One of our providers is AWS, and you can read more about their security here.
We ensure that the machines within the infrastructure are protected from ground up. Starting from physical security, we constantly improve security policies as the threat landscape changes. Our priority is to protect the integrity of your data, and guard against any service interruptions.Back to top Secure storage of BrowserStack credentials
Your account information: username, logins, password, access keys, and account details, are stored in an encrypted format on our systems. We use SSL to transmit information back and forth from our servers. BrowserStack cannot view any of your credentials, so much so that if you lose your password, it must go through the reset procedure for your account to be accessible again.Back to top Access control systems
Our sophisticated Identity Access Management systems log every entry into the cloud infrastructure. BrowserStack has limited access to client instances, therefore ensuring a completely secure testing environment.
In addition to these mechanisms, we provide a role-based administration system for the user accounts as well. There are 3 roles: owner, admin, and user; each with different permissions. The administrators of the account (owner and other admins) can control user activity at will, even to the extent of prohibiting team members from accessing products.Back to top Screenshots and Automate log data
Any screenshots and Automate log data, generated during the testing sessions, is stored in a secure database on our cloud. The access mechanism is highly encrypted and therefore, your data is only accessible to you, via your BrowserStack account.Back to top