Read through our security policies for testing sessions, local testing, application security and privacy.
To test your local or development environment, we provide a quick and easy way to create a tunnel between your machine and the BrowserStack network. Once the local tunnel is connected, you can test your internal web server or local HTML design files in our remote browsers as easily as you would on your local browser.
Virtual machine and testing sessions
Data Centre Security
We are hosted on Amazon AWS and have partnered with highly respected, worldwide hosting providers to provide exceptional security and reliable access to virtual machines for testing, year round. To find out more, go to: http://aws.amazon.com/security/
Restricted access to VMs
Our virtual machines run Mac OS X and Windows. We provide highly restricted access to users, allowing only browser testing. Users cannot navigate, install or execute an application, or change the configuration of the host operating system. Any malicious action will corrupt the virtual machine, which is then removed from our infrastructure. Our operating systems, browsers and emulators are upgraded with the latest security patches to prevent virtual machines from being compromised. For every testing session, we give you private access to a virtual machine with browsers that aren't shared with any other users.
No history, no recording, no data is stored
Your testing sessions are kept private, even from our BrowserStack team. No video recording or screenshots are captured to ensure complete privacy. Once you stop testing, your data is completely erased.
Secure testing sessions
Remote access to our virtual machines uses the VNC protocol over standard ports 22, 443 and 80. If a restrictive corporate firewall doesn't allow access to these ports, we fall back to a secure HTTPS connection between the user and the virtual machine, ensuring encrypted data transfer without the need for special rules in your corporate firewall.
Pristine Virtual machine
Every time you stop your browser testing session, the virtual machine is completely restored to its original state, which clears any activity and all of the data. The virtual machine is destroyed if it fails to restore to its original state or if it fails any of the precautionary checks.
Local testing via tunnel
Signed Java Applet
To set up the local tunnel easily from your browser, we use a Java applet. This allows you to create a secure connection between the user and the virtual machine. The Java applet is signed with a code signing certificate, which adds a digital signature validating that the code comes from BrowserStack. When you attempt to set up the tunnel, a dialog box will appear identifying BrowserStack as the publisher and asking your permission to execute the Java applet. Any alteration of the original code breaks the digital signature, alerting potential users that the content is not to be trusted.
Restricted SSH protocol
The local tunnel uses the Secure Shell (SSH) protocol for secure data communication. The local tunnel connection only allows access to the internal server or local directory, rejecting access to any other part of your network. Once the tunnel is connected, only the user has access to the local tunnel URL in the virtual machine that's currently assigned to them. This strictly ensures that only the user can access their local content via the local tunnel.
Disconnecting the tunnel
The local tunnel connection is automatically disconnected when you navigate away from the BrowserStack Dashboard or close the tab that it is open in. This ensures security even if you forget to disconnect the tunnel after use. To avoid the frequent need to connect the tunnel, we automatically connect it for you once you start testing. The local tunnel connection is permanently disconnected if you disconnect the tunnel yourself.
Application Level Security
BrowserStack account passwords are encrypted. Even our own staff can't view them. If you lose your password, it can't be retrieved — it must be reset. Sign-up, sign-in and other authentication-related pages pass data via SSL. Credit card transactions are handled by our merchant partner Stripe, and we do not store credit card details. Stripe has implemented the highest level of security compliance: https://stripe.com/help/security