Security
Monitoring and Protection Measures
- Analyzing Access Patterns: We regularly review traffic logs for unusual requests, such as automated probes targeting files that don’t exist on our platform (e.g., xmlrpc.php).
- Logging Suspicious Requests: Any access attempts to non-existent or suspicious endpoints are flagged and monitored to ensure no further unauthorized attempts follow.
- Automated Rate Limiting: For added protection, our platform may automatically block excessive or repetitive requests that appear malicious.
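The log review, flagging and rate limiting described above, as an added Node.js example that is not Wycademy's own code. The log line format, the probe patterns beyond xmlrpc.php, the thresholds and all function names are assumptions made for illustration.

```javascript
// Added example, not Wycademy's code. Log format, patterns and thresholds are assumptions.
// Constructed sample lines: "<ISO time> <client IP> <method> <path> <status>".
const SAMPLE_LOG = [
  '2025-01-01T10:00:00Z 203.0.113.7 GET /xmlrpc.php 404',
  '2025-01-01T10:00:05Z 198.51.100.2 GET /runs 200',
  '2025-01-01T10:00:10Z 203.0.113.7 POST /XMLRPC.PHP?rsd 404',
  '2025-01-01T10:00:20Z 203.0.113.7 GET /wp-login.php 404',
  '2025-01-01T10:00:30Z 198.51.100.2 GET /typo-page 404',
  '2025-01-01T10:05:00Z 192.0.2.9 GET /.env 404',
  'garbage line',
];

// Assumed patterns for paths the site does not serve; a 404 on one is a probe, not a typo.
const PROBE_PATTERNS = [/\.php$/, /^\/wp-/, /^\/\.(env|git)/];
const LINE_RE = /^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // malformed line: skip instead of throwing
  const ts = Date.parse(m[1]);
  if (Number.isNaN(ts)) return null;
  // Drop the query string and lowercase so "/XMLRPC.PHP?rsd" still matches.
  const path = m[4].split('?')[0].toLowerCase();
  return { ts, ip: m[2], method: m[3], path, status: Number(m[5]) };
}

function isProbe(entry) {
  return entry.status === 404 && PROBE_PATTERNS.some((re) => re.test(entry.path));
}

// Lines are assumed to be in chronological order. A client is blocked once it
// makes maxProbes probe requests inside one sliding window of windowMs.
function analyze(lines, { windowMs = 60000, maxProbes = 3 } = {}) {
  const flagged = [];
  const recent = new Map(); // ip -> probe timestamps still inside the window
  const blocked = new Set();
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry || !isProbe(entry)) continue;
    flagged.push(entry);
    const hits = (recent.get(entry.ip) || []).filter((t) => entry.ts - t < windowMs);
    hits.push(entry.ts);
    recent.set(entry.ip, hits);
    if (hits.length >= maxProbes) blocked.add(entry.ip);
  }
  return { flagged, blocked: [...blocked] };
}

console.log(analyze(SAMPLE_LOG));
```

An ordinary 404 such as /typo-page is not flagged, so a mistyped link does not count toward a block.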
Encryption and Data Protection
- Encryption of Sensitive Data: All speedrun data is encrypted using a public/private key approach. When users upload their speedrun data, it is encrypted client-side with a public key and then stored securely on our servers. Only the intended recipient can decrypt the data using a corresponding private key.
- Secure Storage with Supabase: We rely on Supabase for secure backend services. Sensitive data is stored in private tables accessible only by authorized users, and all user information is handled according to strict privacy protocols.
Open Source Transparency and Code Auditing
- Transparency Benefits: Our open-source status allows anyone to review our code, which promotes transparency and encourages community feedback.
- Security Reviews for Contributions: Any external contributions or code changes are carefully reviewed with a focus on maintaining security standards. We appreciate the support of the community in helping to identify and address potential security risks.
- Community Feedback: We invite feedback from the community to ensure that Wycademy remains a safe and reliable platform. If you spot an issue or potential vulnerability, we’d love to hear from you.
Secure Development Practices
- Frameworks and Modern Tools: Wycademy is built with Supabase, SvelteKit, and Vercel, each of which follows industry best practices in security.
- Sanitization of Inputs: All user inputs are thoroughly sanitized and validated to prevent malicious code injections.
- Access Controls and Permissions: We enforce strict access controls for any pages or data that require special permissions, ensuring only authorized users have access to sensitive features.
Responsible Disclosure Program
- How to Report a Vulnerability: We take security issues seriously and encourage responsible disclosure. If you discover a vulnerability or have concerns about our site’s security, please report it responsibly via GitHub Issues.
- Disclosure Guidelines: When reporting, please include as much detail as possible to help us address the issue quickly. Avoid sharing details publicly until we’ve had a chance to review and resolve the issue.
Security Tips for Users
- Use Strong, Unique Passwords: While Wycademy doesn’t require passwords (relying on OAuth via Discord), any associated accounts should still use strong, unique passwords for added security.
- Regularly Monitor Account Activity: Keep an eye on any activity or settings related to your account. Report unusual findings immediately.
- Avoid Sharing Sensitive Information: Be cautious when sharing any personal information or sensitive data in public spaces.
Frequently Asked Questions (FAQ)
-
When a vulnerability is reported, our team reviews and prioritizes it. We work promptly to resolve the issue, with fixes deployed as soon as possible.
-
All sensitive data is encrypted and stored securely in Supabase, which adheres to modern security standards. We also minimize data collection and storage wherever possible.
-
You can contribute by reviewing our code on GitHub, reporting issues, and following our responsible disclosure guidelines. Community feedback is invaluable in maintaining a secure site.