Security

We use Vercel logs to monitor our website’s traffic and check for any irregular or unauthorized attempts to access sensitive areas. This includes:

• Analyzing Access Patterns: We regularly review traffic logs for unusual requests, such as automated probes targeting files that don’t exist on our platform (e.g., xmlrpc.php).

• Logging Suspicious Requests: Any access attempts to non-existent or suspicious endpoints are flagged and monitored to ensure no further unauthorized attempts follow.

• Automated Rate Limiting: For added protection, our platform may automatically block excessive or repetitive requests that appear malicious.

• Encryption of Sensitive Data: All speedrun data is encrypted using a public/private key approach. When users upload their speedrun data, it is encrypted client-side with a public key and then stored securely on our servers. Only the intended recipient can decrypt the data using a corresponding private key.

• Secure Storage with Supabase: We rely on Supabase

  for secure backend services. Sensitive data is stored in private tables accessible only by authorized users, and all user information is handled according to strict privacy protocols.

• Transparency Benefits: Our open-source status allows anyone to review our code, which promotes transparency and encourages community feedback.

• Security Reviews for Contributions: Any external contributions or code changes are carefully reviewed with a focus on maintaining security standards. We appreciate the support of the community in helping to identify and address potential security risks.

• Community Feedback: We invite feedback from the community to ensure that Wycademy remains a safe and reliable platform. If you spot an issue or potential vulnerability, we’d love to hear from you.

• Frameworks and Modern Tools: Wycademy is built with Supabase

  , SvelteKit
  , and Vercel
  , each of which follows industry best practices in security.

• Sanitization of Inputs: All user inputs are thoroughly sanitized and validated to prevent malicious code injections.

• Access Controls and Permissions: We enforce strict access controls for any pages or data that require special permissions, ensuring only authorized users have access to sensitive features.

• How to Report a Vulnerability: We take security issues seriously and encourage responsible disclosure. If you discover a vulnerability or have concerns about our site’s security, please report it responsibly via GitHub Issues.

• Logging Suspicious Requests: Any access attempts to non-existent or suspicious endpoints are flagged and monitored to ensure no further unauthorized attempts follow.

• Disclosure Guidelines: When reporting, please include as much detail as possible to help us address the issue quickly. Avoid sharing details publicly until we’ve had a chance to review and resolve the issue.

• Use Strong, Unique Passwords: While Wycademy doesn’t require passwords (relying on OAuth via Discord), any associated accounts should still use strong, unique passwords for added security.

• Regularly Monitor Account Activity: Keep an eye on any activity or settings related to your account. Report unusual findings immediately.

• Avoid Sharing Sensitive Information: Be cautious when sharing any personal information or sensitive data in public spaces.

If you have any questions about security on Wycademy, want to report an issue, or just want to learn more about our practices, please reach out to us.

We also recommend exploring some general resources on web security best practices, including the OWASP Foundation’s website

and other open-source security guides.