AppForDummies is based in Singapore
We are PDPC certified by IMDA, the data governing bodies.
Data storage and management are governed by strict role-based access controls in Singapore.
Independent Pen Test
At least once a year, AppForDummies performs a Pen Test with a Third Party that is mandated to evaluate the overall robustness, scalability and resilience of the platform. The test includes, but is not limited to: SQL Flaws, XSS, Malicious File Execution, CSRF, Cryptographic Storage, URL Access.
Governance, Training & Authorisation
All employees are mandated to attend regular Data Protection and Cyber Security training to ensure security awareness and knowledge of the latest security threats.
All employees have pledged to and signed a set of governance policies adhering to the strictest data security and IP confidentiality compliance.
In-House Security Protocol
Our IT architecture has been designed to follow the highest security protocols and standards on the market.
Regular Penetration Testing & Vulnerability Assessments with Veracode & Crashtest Security
Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Veracode owns the software security technology: Crashtest Security.
Crashtest Security is a developer-oriented dynamic application security testing (DAST) tool.
The highest standard of security and reliability
Our servers are hosted on Microsoft Azure, the leading Infrastructure Provider in the world. Microsoft Azure is certified to the Singapore Multi-Tier Cloud Security Standard (MTCS SS 584) Level-3 (CSP) and holds other global certifications such as ISO 27001 (Security Management Controls) and ISO 27018 (Personal Data Protection).
AppForDummies has designed and follows the strictest set of security mandates and governance to remain in full compliance with the regulatory requirements and guidelines of the governing bodies where it operates.
28% of AppForDummies' IT budget is dedicated to our security program, which consists of three separate, dedicated teams that monitor systems and threats 24/7.